Module 1: Fundamentals Flashcards
(14 cards)
NOC (Network Operations Center)
A centralized location where the IT team can maintain and monitor the organization's network infrastructure
Deep learning
A subset of machine learning that uses multi-layered neural networks. Can extract features from raw and unstructured data.
IPC (Inter-process communication)
The mechanism that allows different programs/processes to communicate
Network quarantine
Technique to isolate offending computers
PCI DSS (Payment Card Industry Data Security Standard)
Widely used framework. Protects card data.
SOC (Security Operations Center)
Widely used framework. Focuses on protecting customer data.
SIEM (Security Information and Event Management)
System that provides SOCs with the tools and technologies to monitor, detect, and respond to threats and incidents. Supports:
- Event correlation
- Contextual information
- Reduction of false positives
- Data aggregation
- Real-time monitoring
Raw form
Data
Processed form
Information
Enhanced form
Knowledge
Data generating sources
- network devices like firewalls
- IDS (intrusion detection systems)
- endpoint security tools
- email servers
- web servers
- IAM systems (identity and access management)
- vulnerability scanners
- threat intelligence feeds
- system logs
- application logs
Forms of data
- Structured (example: relational data and models)
- Semi-structured (not stored in relational form, but has organizational properties that make it easier to analyze)
- Unstructured (does not fit a relational model)
Learning process of machine learning
- Measuring devices (sensors)
- Preprocessing (feature extraction, normalization)
- Dimensionality reduction
- Prediction
- Model selection
- Analysis results
Why data-driven models?
They don't make mistakes that stem from a lack of data or from poor data.