Security+ Acronyms Flashcards

(50 cards)

1
Q

PCI DSS

A

PCI DSS - Payment Card Industry Data Security Standards

Defines how to manage credit/debit card data

There are 12 specific controls, but these are the ones usually discussed:
Company must annually have a security test/audit
All user accounts must be unique
Never store the CVV code of the card

lesson 1

2
Q

NIST

A

National Institute for Standards and Technology

USGov agency that makes standards and guidelines

Describes/Defines cybersecurity framework as 5 functions:
Identify
Protect
Detect
Respond
Recover

lesson 1

3
Q

GDPR

A

GDPR - General Data Protection Regulation

EU law regarding privacy protections in and out of EU

Must have informed consent to be able to use someone's personal data

Exam? - usually has international implications

lesson 1

4
Q

ISO 31000

A

ISO - International Organization of Standardization

31000 - Specification which lists enterprise risk management (ERM) best practices

lesson 1

5
Q

Security Control Functional Types

A

Type 1:
Preventative - before attack - physical or logical
Detective - during attack - record successful or failed attacks - security guard monitoring camera
Corrective - after attack - responds to and/or fixes an incident - security guard response

Type 2:
Deterrent - psychological - unmonitored camera
Physical - gates, fences, locks, camera, signs
Compensating - substitute for a principal control as recommended by a security standard

lesson 1

6
Q

NIST CSF

A

National Institute of Standards and Technology Cybersecurity Framework

A list of activities and objectives undertaken to mitigate risks

lesson 1

7
Q

ISO 27001

A

International Organization of Standardization

27001 - information security rules and regulations (compliance/regulations)

lesson 1

8
Q

ISO 27701

A

ISO - International Organization of Standards
27701 - focuses on personal data and privacy rules

lesson 1

9
Q

ISO 27702

A

ISO - International Organization of Standardization

27702 - Information Security best practices

lesson 1

10
Q

ISO 22301

A

ISO - International Organization of Standardization

22301 - Security & resilience, business continuity management

lesson 1

11
Q

SSAE SOC2, SOC3

A

SSAE - Statements on Standards for Attestation Engagements
-audit specifications to assure consumers that service providers (cloud or 3rd party) meet professional standards

SOC - Service Organization Control
SOC2 - evaluates internal controls (relative to the CIA triad) of the service provider; internal report between auditor, regulator, and provider; detailed reports
SOC3 - less detailed reports certifying compliance with SOC2 results; freely distributed

lesson 1

12
Q

CSA
CSPs
ERA
Cloud Control Matrix

A

CSA - Cloud Security Alliance

an organization that defines cloud frameworks to assist CSPs in setting up and delivering secure cloud platforms; useful for consumers in selecting CSPs

CSPs - Cloud Service Providers

ERA - Enterprise Reference Architecture, best practices for architecting cloud solutions

Cloud Control Matrix - lists of specific controls and assessment guidelines for CSPs; baseline level of security a CSP should meet

lesson 1

13
Q

CIS

A

Center for Information Security

known for the 20 CIS controls

produces benchmarks for different aspects of cybersecurity (PCI DSS, ISO 2700, etc)

lesson 1

14
Q

STIGs

A

STIGs - Security Technical Implementation Guides, a DOD Cyber Exchange guideline for hardening hw and sw

example of OS/Vendor guidelines

lesson 1

15
Q

OWASP

A

Open Web Application Security Project

organization that publishes the top 10 most critical app security risks

develops resources (Zed Attack Proxy and Juice Shop) to help investigate and understand pen testing and app security issues

lesson 1

16
Q

SOX

A

Sarbanes-Oxley Act

Due diligence - responsible persons have not been negligent in the discharge of their duties
US regulation/legislation mandating implementation of risk assessments, internal controls and audit procedures

lesson 1

17
Q

Computer Security Act

A

Requires federal agencies to develop security policies for computer systems which process confidential information

lesson 1

18
Q

FISMA

A

Federal Information Security Management Act

governs the security of data processed by federal gov agencies

lesson 1

19
Q

GLBA

A

Gramm-Leach-Bliley Act

Financial services legislation

lesson 1

20
Q

HIPAA

A

Health Insurance Portability and Accountability Act

Health information protection legislation

lesson 1

21
Q

Security Control Categories

A

Managerial
-controls that give oversight of the system

Operational
-controls that depend on a person for implementation

Technical
-controls implemented in operating systems, sw, and security appliances

lesson 1

22
Q

CIA Triad

A

Secure information has 3 properties:

C - Confidentiality
-certain info should only be known to certain people

I - Integrity
-data is stored and transferred as intended, modifications are authorized

A - Availability
-information is accessible to those authorized to view or modify it

Non-repudiation
-a subject cannot deny doing something, such as creating, modifying, or sending a resource

23
Q

ACL

A

Access Control List
a very all-encompassing term; could mean lots of things
used in firewalls and on file system objects (permissions)
is an example of a preventative security control

lesson 1

24
Q

Shadow IT

A

IT systems deployed by others outside of the central IT department as a workaround to shortcomings of the implemented IT system

example: installing an access point in your office

aka Rogue IT, Fake IT, Stealth IT

lesson 2

25
Q

Vulnerability

A

Any weakness of a system which could cause a security breach, intentionally or unintentionally

Asset value
Ease of exploit

lesson 2

26
Q

Threat

A

Potential for a vulnerability to be exploited

Internal/External
Malicious/accidental
Threat actor
Threat vector

lesson 2

27
Q

Risk

A

likelihood and impact of a threat actor exploiting a vulnerability

Risk = vulnerability + threat
Risk = likelihood * impact

lesson 2

28
Q

Hats - white, black, grey

A

white hat - attacks performed for good, authorized/planned attacks
black hat - attacks performed with malicious intent, unauthorized
grey hat - mix of white and black hats, similar to fixing a lock by breaking in and then fixing it, with a note that it was fixed

lesson 2

29
Q

Script kiddies

A

untrained attackers, usually just using a script found on the internet, etc.

lesson 2

30
Q

hacktivists

A

hacking to prove a point, not necessarily with malicious intent or for monetary gain

lesson 2

31
Q

APT

A

Advanced Persistent Threat

refers to the ongoing ability of an adversary to compromise network security to obtain and maintain access using a variety of tools and techniques

used by State Actors who have nation backing and a high amount of resources

lesson 2

32
Q

State Actor

A

state or nation backed attackers, usually military/secret services
highly sophisticated
use APT
purpose of espionage and strategic advantage
deniability
false flag operations

lesson 2

33
Q

Insider threat actor

A

malicious
-has access (employees, contractors, partners)
-wanting to sabotage, or for financial gain, business advantage

unintentional
-due to weak policies/procedures and/or weak adherence to policy
-lack of training
-Shadow IT

lesson 2

34
Q

Attack surface

A

points where an attacker can discover/exploit vulnerabilities in a network or application

lesson 2

35
Q

Attack Vectors

A

how to access a system:
direct access
removable media
email
remote and wireless
supply chain
web and social media
cloud

lesson 2

36
Q

TTP

A

Tactics, techniques, and procedures

a threat research source that attempts to tell you how you are being attacked, identifies attackers, and describes what an attacker does and how

lesson 2

37
Q

Honeypot | Honeynet

A

honeypot - a distraction system to trick attackers into attacking it
honeynet - a network of honeypots

intention is to learn about attackers and how they operate on a given system

lesson 2

38
Q

Honeypot | Honeynet

A

honeypot - a distraction system to trick attackers into attacking it
honeynet - a network of honeypots

intention is to learn about attackers and how they operate on a given system

A form of threat research

lesson 2

39
Q

ISACs

A

Intelligence Sharing and Analysis Centers

share threat intelligence and promote best practices

lesson 2

40
Q

OSINT

A

Open source intelligence

threat data sources; a threat resource

lesson 2

41
Q

Threat Research Sources

A

a counter-intelligence gathering effort to discover tactics, techniques, and procedures (TTP) of attackers

sources:
security solution providers - companies that assist in this effort
dark net / dark web
honeypots/honeynets

42
Q

IOC

A

Indicator of Compromise

a residual sign that an asset or network has been successfully attacked or is continuing to be attacked, or evidence of a TTP

describes how to recognize what attack actions might look like

examples:
unauthorized sw and files
suspicious emails
suspicious registry and file system changes
unknown port and protocol usage
excessive bandwidth
rogue hw
service disruption and defacement
suspicious or unauthorized account usage

lesson 2

43
Q

STIX

A

Structured Threat Information eXpression

threat data feed framework; syntax for describing Cyber Threat Intel (CTI)

lesson 2

44
Q

TAXII

A

Trusted Automated eXchange of Indicator Information

a protocol for transmitting Cyber Threat Intel (CTI) data between servers and clients

lesson 2

45
Q

AIS

A

Automated Indicator Sharing

A service offered by the Dept of Homeland Security (DHS) for companies to participate in threat intelligence sharing

lesson 2

46
Q

Threat Map

A

animated graphic showing the source, target, and type of attacks that have been detected by a CTI platform

lesson 2

47
Q

CVSS

A

Common Vulnerability Scoring System

lesson 3

48
Q

CVE

A

Common Vulnerabilities and Exposures

a threat feed; a database of these items maintained by Mitre

Information about vulnerabilities is codified as signatures and scanning scripts that can be supplied as feeds to automated vulnerability scanning software

lesson 2

49
Q

SIEM

A

Security Information and Event Management

threat intel provider platform; utilizes AI to correlate CTI data with observed data from customer networks

lesson 2

50
Q

SOAR

A

Security Orchestration, Automation and Response

designed as a solution to the problem of the volume of alerts overwhelming analysts' ability to respond

Can be combined with SIEM

scans the organization's store of security and threat intelligence, analyzes it using machine/deep learning techniques, and then uses that data to automate and provide data enrichment for the workflows that drive incident response and threat hunting

lesson 2
Security Orchestration, Automation and Response a designed as a solution to the problem of the volume of alerts overwhelming analysts' ability to respond Can be combined with SIEM scan the organization's store of security and threat intelligence, analyze it using machine/deep learning techniques, and then use that data to automate and provide data enrichment for the workflows that drive incident response and threat hunting lesson 2