Google Cyber Security - Glossary - All Flashcards

Q: The full file path, which starts from the root
A: Absolute file path

Q: Security controls that manage access, authorization, and accountability of information
A: Access controls

Q: A type of attack where data packets are manipulated in transit
A: Active packet sniffing

Q: A network protocol used to determine the MAC address of the next router or device on the path
A: Address Resolution Protocol (ARP)

Q: An instance when a threat actor maintains unauthorized access to a system for an extended period of time
A: Advanced persistent threat (APT)

Q: A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
A: Adversarial artificial intelligence (AI)

Q: A type of legitimate software that is sometimes used to display digital advertisements in applications
A: Adware

Q: A set of rules used to solve a problem
A: Algorithm

Q: The investigation and validation of alerts
A: Analysis

Q: A technique where attackers impersonate customer service representatives on social media
A: Angler phishing

Q: A detection method that identifies abnormal behavior
A: Anomaly-based analysis

Q: A software program used to prevent, detect, and eliminate malware and viruses
A: Antivirus software

Q: A program that performs a specific task
A: Application

Q: A small block of encrypted code that contains information about a user
A: Application programming interface (API) token

Q: Specific information needed by a command
A: Argument (Linux)

Q: The data brought into a function when it is called
A: Argument (Python)

Q: A data type that stores data in a comma-separated ordered list
A: Array

Q: The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
A: Assess

Q: An item perceived as having value to an organization
A: Asset

Q: The practice of labeling assets based on sensitivity and importance to an organization
A: Asset classification

Q: A catalog of assets that need to be protected
A: Asset inventory

Q: The process of tracking assets and the risks that affect them
A: Asset management

Q: The use of a public and private key pair for encryption and decryption of data
A: Asymmetric encryption

Q: All the potential vulnerabilities that a threat actor could exploit
A: Attack surface

Q: A diagram that maps threats to assets
A: Attack tree

Q: The pathways attackers use to penetrate security defenses
A: Attack vectors

Q: The process of verifying who someone is
A: Authentication

Q: The concept of granting access to specific resources in a system
A: Authorization

Q: The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization
A: Authorize

Q: The use of technology to reduce human and manual effort to perform common and repetitive tasks
A: Automation

Q: The idea that data is accessible to those who are authorized to access it
A: Availability

Q: A social engineering tactic that tempts people into compromising their security
A: Baiting

Q: The maximum data transmission capacity over a network, measured by bits per second
A: Bandwidth

Q: A documented set of specifications within a system that is used as a basis for future builds, releases, and updates
A: Baseline configuration (baseline image)

Q: The default shell in most Linux distributions
A: Bash

Q: The technology used to establish a user’s request to access a server
A: Basic auth

Q: A microchip that contains loading instructions for the computer and is prevalent in older systems
A: Basic Input/Output System (BIOS)

Q: The unique physical characteristics that can be used to verify a person’s identity
A: Biometrics

Q: The smallest unit of data measurement on a computer
A: Bit

Q: Data that can only be one of two values: either True or False
A: Boolean data

Q: A software program that boots the operating system
A: Bootloader

Q: A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder”
A: Botnet

Q: The indices placed in square brackets
A: Bracket notation

Q: Inconsistencies in the collection and logging of evidence in the chain of custody
A: Broken chain of custody

Q: The trial and error process of discovering private information
A: Brute force attack

Q: Programs that encourage freelance hackers to find and report vulnerabilities
A: Bug bounty

Q: A function that exists within Python and can be called directly
A: Built-in function

Q: An organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans
A: Business continuity

Q: A document that outlines the procedures to sustain business operations during and after a significant disruption
A: Business continuity plan (BCP)

Q: A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
A: Business Email Compromise (BEC)

Q: The second step of the NIST RMF that is used to develop risk management processes and tasks
A: Categorize

Q: An open-source distribution that is closely related to Red Hat
A: CentOS

Q: A computer’s main processor, which is used to perform general computing tasks on a computer
A: Central Processing Unit (CPU)

Q: The process of documenting evidence possession and control during an incident lifecycle
A: Chain of custody

Q: A cloud-native tool designed to retain, analyze, and search data
A: Chronicle

Q: An algorithm that encrypts information
A: Cipher

Q: Software firewalls that are hosted by the cloud service provider
A: Cloud-based firewalls

Q: The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices
A: Cloud computing

Q: A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet
A: Cloud network

Q: The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
A: Cloud security

Q: An instruction telling the computer to do something
A: Command

Q: The techniques used by malicious actors to maintain communications with compromised systems
A: Command and control (C2)

Q: A text-based user interface that uses commands to interact with the computer
A: Command-line interface (CLI)

Q: A note programmers make about the intention behind their code
A: Comment

Q: A log format that uses key-value pairs to structure data and identify fields and their corresponding values
A: Common Event Format (CEF)

Q: An openly accessible dictionary of known vulnerabilities and exposures
A: Common Vulnerabilities and Exposures (CVE®) list

Q: A measurement system that scores the severity of a vulnerability
A: Common Vulnerability Scoring System (CVSS)

Q: The process of adhering to internal standards and external regulations
A: Compliance

Q: A specialized group of security professionals that are trained in incident management and response
A: Computer security incident response teams (CSIRT)

Q: Malicious code written to interfere with computer operations and cause damage to data and software
A: Computer virus

Q: A statement that evaluates code to determine if it meets a specified set of conditions
A: Conditional statement

Q: The idea that only authorized users can access specific assets or data
A: Confidentiality

Q: Data that often has limits on the number of people who have access to it
A: Confidential data

Q: A model that helps inform how organizations consider risk when setting up systems and security policies
A: Confidentiality, integrity, availability (CIA) triad

Q: A file used to configure the settings of an application
A: Configuration file

Q: The act of limiting and preventing additional damage caused by an incident
A: Containment

Q: A subnet that protects the internal network from the uncontrolled zone
A: Controlled zone

Q: An injection attack that inserts code into a vulnerable website or web application
A: Cross-site scripting (XSS)

Q: The practice of gathering information using public input and collaboration
A: Crowdsourcing

Q: An attack that affects secure forms of communication between a sender and intended recipient
A: Cryptographic attack

Q: A mechanism that decrypts ciphertext
A: Cryptographic key

Q: The process of transforming information into a form that unintended readers can’t understand
A: Cryptography

Q: A form of malware that installs software to illegally mine cryptocurrencies
A: Cryptojacking

Q: An organization that volunteers to analyze and distribute information on eligible CVEs
A: CVE Numbering Authority (CNA)

Q: The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
A: Cybersecurity (or security)

Q: Information that is translated, processed, or stored by a computer
A: Data

Q: Data not currently being accessed
A: Data at rest

Q: An organized collection of information or data
A: Database

Q: A person that determines the procedure and purpose for processing data
A: Data controller

Q: Anyone or anything that’s responsible for the safe handling, transport, and storage of information
A: Data custodian

Q: Unauthorized transmission of data from a system
A: Data exfiltration

Q: Data traveling from one point to another
A: Data in transit

Q: Data being accessed by one or more users
A: Data in use

Q: The person who decides who can access, edit, use, or destroy their information
A: Data owner

Q: A basic unit of information that travels from one device to another within a network
A: Data packet

Q: A specific piece of information
A: Data point

Q: A person that is responsible for processing data on behalf of the data controller
A: Data processor

Q: An individual that is responsible for monitoring the compliance of an organization's data protection procedures
A: Data protection officer (DPO)

Q: A category for a particular type of data item
A: Data type

Q: Data representing a date and/or time
A: Date and time data

Q: A software tool that helps to locate the source of an error and assess its causes
A: Debugger

Q: The practice of identifying and fixing errors in code
A: Debugging

Q: A layered approach to vulnerability management that reduces risk
A: Defense in depth

Q: An attack that targets a network or server and floods it with network traffic
A: Denial of service (DoS) attack

Q: A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections
A: Detect

Q: The prompt discovery of security events
A: Detection

Q: Data that consists of one or more key-value pairs
A: Dictionary data

Q: A file that verifies the identity of a public key holder
A: Digital certificate

Q: The practice of collecting and analyzing data to determine what has happened after an attack
A: Digital forensics

Q: A file that organizes where other files are stored
A: Directory

Q: A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident
A: Disaster recovery plan

Q: A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic
A: Distributed denial of service (DDoS) attack

Q: The different versions of Linux
A: Distributions

Q: Any form of recorded content that is used for a specific purpose
A: Documentation

Q: An instance when malicious script exists in the webpage a browser loads
A: DOM-based XSS attack

Q: A networking protocol that translates internet domain names into IP addresses
A: Domain Name System (DNS)

Q: A program or a file used to install a rootkit on a target computer
A: Dropper

Q: A brief summary of your experience, skills, and background
A: Elevator pitch

Q: A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets
A: Encapsulation

Q: The process of converting data from a readable format to an encoded format
A: Encryption

Q: Any device connected on a network
A: Endpoint

Q: An application that monitors an endpoint for malicious activity
A: Endpoint detection and response (EDR)

Q: The complete removal of the incident elements from all affected systems
A: Eradication

Q: A set of actions that outline who should be notified when an incident alert occurs and how that incident should be handled
A: Escalation policy

Q: An observable occurrence on a network, system, or device
A: Event

Q: An error that involves code that cannot be executed even though it is syntactically correct
A: Exception

Q: An operator that does not include the value of comparison
A: Exclusive operator

Q: A way of taking advantage of a vulnerability
A: Exploit

Q: A mistake that can be exploited by a threat
A: Exposure

Q: Anything outside the organization that has the potential to harm organizational assets
A: External threat

Q: A state where the presence of a threat is not detected
A: False negative

Q: An alert that incorrectly detects the presence of a threat
A: False positive

Q: Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer
A: Fileless malware

Q: The location of a file or directory
A: File path

Q: The component of the Linux OS that organizes data
A: Filesystem Hierarchy Standard (FHS)

Q: Selecting data that match a certain condition
A: Filtering

Q: Documentation that provides a comprehensive review of an incident
A: Final report

Q: A network security device that monitors traffic to or from a network
A: Firewall

Q: Data consisting of a number with a decimal point
A: Float data

Q: A column in a table that is a primary key in another table
A: Foreign key

Q: A server that regulates and restricts a person’s access to the internet
A: Forward proxy server

Q: A section of code that can be reused in a program
A: Function

Q: A variable that is available through the entire program
A: Global variable

Q: A user interface that uses icons on the screen to manage different tasks on the computer
A: Graphical user interface (GUI)

Q: Any person or group who uses computers to gain unauthorized access to data
A: Hacker

Q: A person who uses hacking to achieve a political goal
A: Hacktivist

Q: A hardware component used for long-term memory
A: Hard drive

Q: The physical components of a computer
A: Hardware

Q: An instance when different inputs produce the same hash value
A: Hash collision

Q: An algorithm that produces a code that can’t be decrypted
A: Hash function

Q: A data structure that's used to store and reference hash values
A: Hash table

Q: A U.S. federal law established to protect patients’ health information
A: Health Insurance Portability and Accountability Act (HIPAA)

Q: A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders
A: Honeypot

Q: An application that monitors the activity of the host on which it’s installed
A: Host-based intrusion detection system (HIDS)

Q: A network device that broadcasts information to every device on the network
A: Hub

Q: An application layer protocol that provides a method of communication between clients and website servers
A: Hypertext Transfer Protocol (HTTP)

Q: A network protocol that provides a secure method of communication between clients and website servers
A: Hypertext Transfer Protocol Secure (HTTPS)
158
A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets
Identify:
159
A collection of processes and technologies that helps organizations manage digital identities in their environment
Identity and access management (IAM):
159
A set of standards that define communication for wireless LANs
IEEE 802.11 (Wi-Fi):
160
An object that cannot be changed after it is created and assigned a value
Immutable:
161
The fourth step of the NIST RMF that means to implement security and privacy plans for an organization
Implement:
162
An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies
Improper usage:
163
An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies
Incident:
163
Observable evidence that suggests signs of a potential security incident
Indicators of compromise (IoC):
164
The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member
Incident escalation:
165
A form of documentation used in incident response
Incident handler’s journal:
166
An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach
Incident response:
167
A document that outlines the procedures to take in each step of incident response
Incident response plan:
168
An operator that includes the value of comparison
Inclusive operator:
169
Space added at the beginning of a line of code
Indentation:
170
The practice of keeping data in all states away from unauthorized users
Information security (InfoSec):
170
The series of observed events that indicate a real-time incident
Indicators of attack (IoA):
170
A number assigned to every element in a sequence that indicates its position
Index:
171
The protection of unauthorized access and distribution of data
Information privacy:
172
Malicious code inserted into a vulnerable application
Injection attack:
173
Data consisting of a number that does not include a decimal point
Integer data:
174
Programming that validates inputs from users and other programs
Input validation:
175
The idea that the data is correct, authentic, and reliable
Integrity:
175
A software application for writing code that provides editing assistance and error correction tools
Integrated development environment (IDE):
176
The components required to run the computer
Internal hardware:
177
A current or former employee, external vendor, or trusted partner who poses a security risk
Internal threat:
178
An internet protocol used by devices to tell each other about data transmission errors across the network
Internet Control Message Protocol (ICMP):
179
A unique string of characters that identifies the location of a device on the internet
Internet Protocol (IP) address:
180
A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server
Internet Control Message Protocol flood (ICMP flood):
181
A set of standards used for routing and addressing data packets as they travel between devices on a network
Internet Protocol (IP):
182
A computer program that translates Python code into runnable instructions line by line
Interpreter:
183
An application that monitors system activity and alerts on possible intrusions
Intrusion detection system (IDS):
184
A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network
IP spoofing:
185
An application that monitors system activity for intrusive activity and takes action to stop the activity
Intrusion prevention system (IPS):
186
Code that repeatedly executes a set of instructions
Iterative statement:
187
The component of the Linux OS that manages processes and memory
Kernel:
187
An open-source distribution of Linux that is widely used in the security industry
KALI LINUX ™:
188
A set of data that represents two linked items: a key, and its corresponding value
Key-value pair:
188
A collection of modules that provide code users can access in their programs
Library:
189
An operating system that is outdated but still being used
Legacy operating system:
190
A meeting that includes all involved parties after a major incident
Lessons learned meeting:
191
An open-source operating system
Linux:
192
The concept of combining two lists into one by placing the elements of the second list directly after the elements of the first list
List concatenation:
193
Data structure that consists of a collection of data in sequential form
List data:
194
Malicious code that launches after a user initiates a dropper program
Loader:
195
A network that spans small areas like an office building, a school, or a home
Local Area Network (LAN):
195
A variable assigned within a function
Local variable:
196
The process of examining logs to identify events of interest
Log analysis:
197
A record of events that occur within an organization’s systems
Log:
198
The recording of events occurring on computer systems and networks
Logging:
198
The process of collecting, storing, analyzing, and disposing of log data
Log management:
199
An error that results when the logic used in code produces unintended results
Logic error:
200
The part of a loop that determines when the loop terminates
Loop condition:
201
A variable that is used to control the iterations of a loop
Loop variable:
202
Software designed to harm devices or networks
Malware:
202
Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application
Metrics:
203
A unique alphanumeric identifier that is assigned to each physical device on a network
Media Access Control (MAC) address:
203
An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network
Malware infection:
203
A function that belongs to a specific data type
Method:
204
A device that connects your router to the internet and brings internet access to the LAN
Modem:
204
A collection of non-profit research and development centers
MITRE:
205
A Python file that contains additional functions, variables, classes, and any kind of runnable code
Module:
205
The seventh step of the NIST RMF that means be aware of how systems are operating
Monitor:
206
A group of connected devices
Network:
206
A security measure that requires a user to verify their identity in two or more ways to access a system or network
Multi-factor authentication (MFA):
207
A command-line file editor that is available by default in many Linux distributions
nano:
208
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF):
208
A framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery, and Post-incident activity
National Institute of Standards and Technology (NIST) Incident Response Lifecycle:
209
A unified framework for protecting the security of information systems within the U.S. federal government
National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53:
210
The data that’s transmitted between devices on a network
Network data:
210
An application that collects and monitors network traffic and network data
Network-based intrusion detection system (NIDS):
211
A tool designed to capture and analyze data traffic within a network
Network protocol analyzer (packet sniffer):
211
The process of examining network logs to identify events of interest
Network log analysis:
211
Hardware that connects computers to a network
Network Interface Card (NIC):
212
The practice of keeping an organization's network infrastructure secure from unauthorized access
Network security:
212
A set of rules used by two or more devices on a network to describe the order of delivery and the structure of data
Network protocols:
212
A security technique that divides the network into segments
Network segmentation:
213
The amount of data that moves across a network
Network traffic:
214
The concept that the authenticity of information can’t be denied
Non-repudiation:
215
An online interface for writing, storing, and running code
Notebook:
216
Data consisting of numbers
Numeric data:
217
A data type that stores data in a comma-separated list of key-value pairs
Object:
217
An open-standard authorization protocol that shares designated access between applications
OAuth:
218
An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit
On-path attack:
219
The collection and analysis of information from publicly available sources to generate usable intelligence
Open-source intelligence (OSINT):
220
A standardized concept that describes the seven layers computers use to communicate and send data over the network
Open systems interconnection (OSI) model:
221
The interface between computer hardware and the user
Operating system (OS):
221
A non-profit organization focused on improving software security
Open Web Application Security Project (OWASP):
222
A symbol or keyword that represents an operation
Operator:
223
Input that modifies the behavior of a command
Options:
224
The practice of capturing and inspecting data packets across a network
Packet sniffing:
224
A sequence outlining the order of data that must be preserved from first to last
Order of volatility:
225
A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications
OWASP Top 10:
226
A piece of software that can be combined with other packages to form an application
Package:
227
A tool that helps users install, manage, and remove packages or applications
Package manager:
228
A file containing data packets intercepted from an interface or network
Packet capture (P-cap):
229
An object that is included in a function definition for use in that function
Parameter (Python):
230
An open-source distribution that is commonly used for security
Parrot:
231
The process of converting data into a more readable format
Parsing:
232
A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network
Passive packet sniffing:
233
An attempt to access password secured devices, systems, networks, or data
Password attack:
234
A software and operating system update that addresses security vulnerabilities within a program or product
Patch update:
235
Any cardholder data that an organization accepts, transmits, or stores
Payment Card Industry Data Security Standards (PCI DSS):
236
A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
Penetration test (pen test):
237
A resource that provides stylistic guidelines for programmers working in Python
PEP 8 style guide:
238
Hardware components that are attached and controlled by the computer system
Peripheral devices:
239
The type of access granted for a file or directory
Permissions:
240
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Phishing:
240
Any information used to infer an individual's identity
Personally identifiable information (PII):
241
A collection of software tools needed to launch a phishing campaign
Phishing kit:
242
A security incident that affects not only digital but also physical environments where the incident is deployed
Physical attack:
243
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Physical social engineering:
244
A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB
Ping of death:
245
A manual that provides details about any operational action
Playbook:
246
A set of rules that reduce risk and protect information
Policy:
247
A software-based location that organizes the sending and receiving of data between devices on a network
Port:
248
A firewall function that blocks or allows certain port numbers to limit unwanted communication
Port filtering:
249
The process of reviewing an incident to identify areas for improvement during incident handling
Post-incident activity:
250
A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software
Potentially unwanted application (PUA):
251
Information that should be kept from the public
Private data:
252
The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Prepare:
253
A column where every row has a unique entry
Primary key:
254
A coding technique that executes SQL statements before passing them on to a database
Prepared statement:
255
The concept of granting only the minimal access and authorization required to complete a task or function
Principle of least privilege:
256
The act of safeguarding personal information from unauthorized use
Privacy protection:
257
Step-by-step instructions to perform a specific security task
Procedures:
258
A popular threat modeling framework that’s used across many industries
Process of Attack Simulation and Threat Analysis (PASTA):
259
A process that can be used to create a specific set of instructions for a computer to execute tasks
Programming:
260
A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
Protect:
261
Information that relates to the past, present, or future physical or mental health or condition of an individual
Protected health information (PHI):
262
The process of properly working with fragile and volatile digital evidence
Protecting and preserving evidence:
263
A server that fulfills the requests of its clients by forwarding them to other servers
Proxy server:
264
Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
Public data:
265
An encryption framework that secures the exchange of online information
Public key infrastructure (PKI):
266
An extensive collection of Python code that often comes packaged with Python
Python Standard Library:
267
A request for data from a database table or a combination of tables
Query:
267
A file of pre-generated hash values and their associated plaintext
Rainbow table:
268
A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money
Quid pro quo:
269
A hardware component used for short-term memory
Random Access Memory (RAM):
270
The process of returning affected systems back to normal operations
Recovery:
271
A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other
Rapport:
271
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access
Ransomware:
272
A NIST core function related to returning affected systems back to normal operation
Recover:
273
An instance when malicious script is sent to a server and activated during the server’s response
Reflected XSS attack:
274
A subscription-based distribution of Linux built for enterprise use
Red Hat® Enterprise Linux® (also referred to simply as Red Hat in this course):
275
A sequence of characters that forms a pattern
Regular expression (regex):
276
Rules set by a government or other authority to control the way something is done
Regulations:
277
A structured database containing tables that are related to each other
Relational database:
278
A file path that starts from the user's current directory
Relative file path:
279
A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time
Replay attack:
280
The ability to prepare for, respond to, and recover from disruptions
Resiliency:
281
A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process
Respond:
282
A Python statement that executes inside a function and sends information back to the function call
Return statement:
283
A server that regulates and restricts the internet's access to an internal server
Reverse proxy server:
284
Anything that can impact the confidentiality, integrity, or availability of an asset
Risk:
285
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Risk mitigation:
286
The highest-level directory in Linux
Root directory:
287
A user with elevated privileges to modify the system
Root user (or superuser):
288
Malware that provides remote, administrative access to a computer while hiding its own presence from the operating system and security tools
Rootkit:
289
A network device that connects multiple networks together
Router:
290
The practice of adding a unique random value (the salt) to each password before hashing it, so that identical passwords produce different hashes and precomputed hash tables cannot be reused against them
Salting:
291
Malware that employs tactics to frighten users into infecting their device
Scareware:
292
Splunk’s query language
Search Processing Language (SPL):
293
A secure protocol, running over SSH, used to transfer files from one device to another over a network
Secure File Transfer Protocol (SFTP):
294
An encrypted network protocol used to open a shell on a remote system
Secure shell (SSH):
295
A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats
Security architecture:
296
A review of an organization's security controls, policies, and procedures against a set of expectations
Security audit:
297
Safeguards designed to reduce specific security risks
Security controls:
298
Guidelines for making appropriate decisions as a security professional
Security ethics:
299
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security frameworks:
300
Practices that help support, define, and direct security efforts of an organization
Security governance:
301
The process of strengthening a system to reduce its vulnerabilities and attack surface
Security hardening:
302
An application that collects and analyzes log data to monitor critical activities in an organization
Security information and event management (SIEM):
303
The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data
Security mindset:
304
An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks
Security operations center (SOC):
305
A segment of a company’s network that protects the internal network from the internet
Security zone:
305
An organization’s ability to manage its defense of critical assets and data and react to change
Security posture:
305
A collection of applications, tools, and workflows that use automation to respond to security events
Security orchestration, automation, and response (SOAR):
306
The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Select:
307
A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)
Sensitive data:
308
The principle that users should not be given levels of authorization that would allow them to misuse a system
Separation of duties:
309
A specific type of PII that falls under stricter handling guidelines
Sensitive personally identifiable information (SPII):
310
A sequence of network HTTP requests and responses associated with the same user
Session:
311
A token that websites use to validate a session and determine how long that session should last
Session cookie:
312
An event when attackers obtain a legitimate user’s session ID
Session hijacking:
313
Data that consists of an unordered collection of unique values
Set data:
313
A unique token that identifies a user and their device while accessing a system
Session ID:
314
The command-line interpreter
Shell:
314
The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
Shared responsibility:
315
A pattern that is associated with malicious activity
Signature:
316
A network protocol used for monitoring and managing devices on a network
Simple Network Management Protocol (SNMP):
316
A detection method used to find events of interest
Signature analysis:
317
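Regular expressions (defined earlier in this glossary) are the everyday tool for signature analysis: the pattern below is a signature for failed SSH logins, and counting matches per source address turns it into a brute-force detection. This is an added example, not part of the original glossary; the syslog-style lines are constructed and the threshold of three failures is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sshd log lines (not from any real system); addresses are RFC 5737 test ranges.
LOG_LINES = """\
Jan 10 10:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 50122 ssh2
Jan 10 10:00:03 bastion sshd[2203]: Failed password for root from 203.0.113.45 port 50123 ssh2
Jan 10 10:00:04 bastion sshd[2205]: Failed password for root from 203.0.113.45 port 50124 ssh2
Jan 10 10:00:09 bastion sshd[2210]: Accepted publickey for deploy from 198.51.100.7 port 41022 ssh2
Jan 10 10:00:12 bastion sshd[2214]: Failed password for root from 203.0.113.45 port 50130 ssh2
Jan 10 10:01:30 bastion sshd[2220]: Failed password for oracle from 192.0.2.99 port 60001 ssh2
""".splitlines()

# Signature: a failed password attempt, with named groups for the fields we care about.
# "invalid user " is optional because sshd only adds it for non-existent accounts.
FAILED_LOGIN = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_failures(lines: list[str]) -> list[dict]:
    """Return one dict per line that matches the failed-login signature."""
    return [m.groupdict() for line in lines if (m := FAILED_LOGIN.search(line))]


def brute_force_sources(lines: list[str], threshold: int = 3) -> dict[str, int]:
    """Source addresses with at least `threshold` failed logins (constructed threshold)."""
    counts = Counter(f["ip"] for f in parse_failures(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Five of the six lines match the signature, and only 203.0.113.45 crosses the threshold; the successful public-key login from 198.51.100.7 is ignored because it does not match the pattern at all.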
A technology that combines several different logins into one
Single sign-on (SSO):
318
The use of text messages to trick users to obtain sensitive information or to impersonate a known source
Smishing:
319
A DoS attack in which the attacker sends ICMP echo requests to a network’s broadcast address with the source address spoofed to the victim’s IP, so that every host on that network floods the victim with replies
Smurf attack:
320
A manipulation technique that exploits human error to gain private information, access, or valuables
Social engineering:
321
A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
Social media phishing:
322
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Spear phishing:
323
The rate at which a device sends and receives data, measured by bits per second
Speed:
324
A cloud-hosted tool used to collect, search, and monitor log data
Splunk Cloud:
325
A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time
Splunk Enterprise:
326
Malware that’s used to gather and sell information without consent
Spyware:
326
A programming language used to create, interact with, and request information from a database
SQL (Structured Query Language):
327
An attack in which untrusted input is inserted into a SQL query so that the database executes unexpected queries, such as bypassing a login check or reading other tables
SQL injection:
328
An individual or group that has an interest in any decision or activity of an organization
Stakeholder:
329
An error message returned by the OS through the shell
Standard error:
330
Information received by the OS via the command line
Standard input:
331
Information returned by the OS through the shell
Standard output:
332
An interview technique used to answer behavioral and situational questions
STAR method:
333
References that inform how to set policies
Standards:
334
A class of firewall that keeps track of the state of connections passing through it (for example, whether a TCP connection was opened from inside) and filters packets based on that state as well as on its rules
Stateful:
335
A class of firewall that operates based on predefined rules and that does not keep track of information from data packets
Stateless:
336
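The difference between the two firewall classes above shows up as soon as an attacker sends a packet that looks like a reply without any connection having been opened. The following is an added example, not part of the original glossary: the packet records, the internal 10.0.0.0/24 range, and the "allow HTTPS" rules are constructed, and the stateful table is a bare set rather than a real connection tracker with timeouts.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True on the packet that opens a TCP connection


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """Stateless: each packet is judged by its header alone.
    Rule 1: inside hosts may talk to port 443. Rule 2: answers from port 443 may come back in.
    Rule 2 cannot tell a real reply from a forged packet with source port 443."""
    if is_internal(pkt.src) and pkt.dport == 443:
        return True
    if is_internal(pkt.dst) and pkt.sport == 443 and pkt.dport >= 1024:
        return True
    return False


class StatefulFirewall:
    """Stateful: inbound packets pass only if they answer a connection opened from inside."""

    def __init__(self):
        self.flows: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if is_internal(pkt.src) and pkt.dport == 443 and pkt.syn:
            self.flows.add(key)            # connection opened from inside: remember it
            return True
        if is_internal(pkt.src):
            return key in self.flows       # later outbound packets of a known flow
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.flows       # inbound only if it answers a known flow


def run(packets: list[Packet], allow) -> list[bool]:
    """Apply a filter function to a packet sequence in order."""
    return [allow(p) for p in packets]
```

The stateless rule set lets the forged packet from 203.0.113.9 reach port 3389 on the internal host because its source port is 443; the stateful firewall drops it because no internal host ever opened a connection to that address.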
An instance when malicious script is stored on the server (for example, in a comment or profile field) and delivered to every user who later views that content
Stored XSS attack:
337
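Reflected XSS (defined earlier in this glossary) and stored XSS differ only in where the attacker's script sits before it reaches a victim's browser; the fix is the same in both cases, escaping untrusted text before it is placed in HTML. This is an added example, not part of the original glossary: the two page renderers, the in-memory comment store, and the payload are constructed.

```python
import html

COMMENTS: list[str] = []  # constructed server-side store that every later visitor sees


def render_search_vulnerable(q: str) -> str:
    """Reflected: the query string goes straight back into the response."""
    return f"<p>Results for: {q}</p>"


def render_search_safe(q: str) -> str:
    """Escaping turns < > & " ' into entities, so the browser shows text instead of running it."""
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def post_comment(text: str) -> None:
    """Stored: the payload is saved once and served to everyone afterwards."""
    COMMENTS.append(text)


def render_comments_vulnerable() -> str:
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENTS) + "</ul>"


def render_comments_safe() -> str:
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in COMMENTS) + "</ul>"


def contains_live_script(fragment: str) -> bool:
    """Crude check used only for the demonstration: an unescaped <script tag is present."""
    return "<script" in fragment.lower()
```

The escaped renderers emit `&lt;script&gt;` where the vulnerable ones emit a live tag. The check function is for the demonstration only; in production rely on a templating engine with auto-escaping and a Content Security Policy rather than on string searches.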
Data consisting of an ordered sequence of characters
String data:
337
The process of joining two strings together
String concatenation:
338
A manual that informs the writing, formatting, and design of documents
Style guide:
339
A continuous sequence of characters within a string
Substring:
339
The subdivision of a network into logical groups called subnets
Subnetting:
340
A command that temporarily grants elevated permissions to specific users
Sudo:
341
An attack that compromises a third party the target relies on, such as a software vendor, a library or component, a hardware supplier, or an update channel, so that the malicious change reaches the target through a trusted path
Supply-chain attack:
342
An open-source intrusion detection system, intrusion prevention system, and network analysis tool
Suricata:
343
A device that makes connections between specific devices on a network by sending and receiving data between them
Switch:
344
Encryption in which a single shared secret key is used both to encrypt and to decrypt information
Symmetric encryption:
345
A type of DoS attack that floods a server with TCP SYN packets, often from spoofed source addresses, and never completes the three-way handshake, exhausting the server’s table of half-open connections
Synchronize (SYN) flood attack:
346
The rules that determine what is correctly structured in a computing language
Syntax:
347
An error that involves invalid usage of a programming language
Syntax error:
348
Any person or group who presents a security risk
Threat actor:
348
A social engineering tactic in which unauthorized people follow an authorized person into a restricted area
Tailgating:
348
A framework used to visualize how data is organized and transmitted across a network
TCP/IP model:
348
The proactive search for threats on a network
Threat hunting:
348
A command-line network protocol analyzer
tcpdump:
349
Skills that require knowledge of specific tools, procedures, and policies
Technical skills:
349
Any circumstance or event that can negatively impact assets
Threat:
350
The collection and transmission of data for analysis
Telemetry:
351
Evidence-based threat information that provides context about existing or emerging threats
Threat intelligence:
352
The process of identifying assets, their vulnerabilities, and how each is exposed to threats
Threat modeling:
353
Skills from other areas that can apply to different careers
Transferable skills:
354
An internet communication protocol that allows two devices to form a connection and stream data
Transmission Control Protocol (TCP):
355
The prioritizing of incidents according to their level of importance or urgency
Triage:
356
Malware that looks like a legitimate file or program
Trojan horse:
357
A state in which no alert is raised and no malicious activity actually occurred
True negative:
358
An alert that correctly detects the presence of an attack
True positive:
359
An ordered collection of values that cannot be changed after it is created (in Python, written with parentheses)
Tuple data:
360
An error that results from using the wrong data type
Type error:
361
An open-source, user-friendly Linux distribution that is widely used in security and other industries
Ubuntu:
362
An incident type that occurs when an individual gains digital or physical access to a system or application without permission
Unauthorized access:
363
Firmware stored on the system board that initializes hardware and loads the operating system’s boot loader, replacing the legacy BIOS on modern systems; it can also verify boot components before running them (Secure Boot)
Unified Extensible Firmware Interface (UEFI):
363
Any network outside your organization's control
Uncontrolled zone:
364
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
USB baiting:
365
The person interacting with a computer
User:
366
A function that programmers design for their specific needs
User-defined function:
367
A connectionless protocol that does not establish a connection between devices before transmissions
User Datagram Protocol (UDP):
368
A program that allows the user to control the functions of the operating system
User interface:
369
The process of creating and maintaining a user's digital identity
User provisioning:
370
A container that stores data
Variable:
371
A network security service that encrypts traffic between a device and a VPN server and routes it through that server, so that the traffic is hidden from the local network and appears to originate from the server’s public IP address
Virtual Private Network (VPN):
372
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Vishing:
372
A weakness that can be exploited by a threat
Vulnerability:
372
Malicious code written to interfere with computer operations and cause damage to data and software
Virus:
372
A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content
VirusTotal:
372
A way of displaying various types of data quickly in one place
Visual dashboard:
372
Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network
Vulnerability scanner:
372
The process of finding and patching vulnerabilities
Vulnerability management:
373
The internal review process of an organization's security systems
Vulnerability assessment:
373
A type of attack when a threat actor compromises a website frequently visited by a specific group of users
Watering hole attack:
373
Malicious code or behavior that’s used to take advantage of coding flaws in a web application
Web-based exploits:
374
A category of spear phishing attempts that are aimed at high-ranking executives in an organization
Whaling:
374
A network that spans a large geographic area like a city, state, or country
Wide Area Network (WAN):
375
A wireless security protocol that authenticates devices joining a Wi-Fi network and encrypts the traffic between them and the access point
Wi-Fi Protected Access (WPA):
376
A special character that can be substituted with any other character
Wildcard:
377
An open-source network protocol analyzer
Wireshark:
378
A vulnerability that is unknown to the vendor, so no patch exists yet, or an exploit for such a vulnerability
Zero-day:
378
A computer language used to create rules for searching through ingested log data
YARA-L:
378
Malware that can duplicate and spread itself across systems on its own
Worm:
378
A file whose permission bits allow any user on the system (the "other" class, for example mode -rw-rw-rw-) to modify it, so any local account can tamper with its contents
World-writable file:
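A world-writable file is found by testing the other-write bit (`S_IWOTH`) of its mode, which is what `find / -perm -o+w -type f` does during hardening; the check and the fix (`chmod o-w`) in Python, as an added example that is not part of the original glossary. The temporary directory, its two files, and the "cron.sh" name are constructed for the demonstration; the scan is expected to run on a Unix-like system where these mode bits are enforced.

```python
import os
import stat
import tempfile


def is_world_writable(path: str) -> bool:
    """True if the 'other' class has write permission on the file."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def find_world_writable(root: str) -> list[str]:
    """Walk a directory tree and return every regular file with o+w set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_world_writable(path):
                hits.append(path)
    return sorted(hits)


def fix_permissions(path: str) -> int:
    """Remove only the other-write bit (equivalent to chmod o-w) and return the new mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IWOTH)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> tuple[list[str], list[str]]:
    """Constructed tree: one correctly restricted file, one world-writable script."""
    d = tempfile.mkdtemp()
    good = os.path.join(d, "app.conf")
    bad = os.path.join(d, "cron.sh")
    for path in (good, bad):
        open(path, "w").close()
    os.chmod(good, 0o644)  # owner rw, everyone else read-only
    os.chmod(bad, 0o777)   # misconfigured: anyone can rewrite a script that may run as root
    before = find_world_writable(d)
    fix_permissions(bad)
    after = find_world_writable(d)
    return before, after
```

The scan reports only `cron.sh` before the fix and nothing afterwards; the fix clears a single bit, so the owner and group permissions the file legitimately needs are left untouched.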