Security Plus Terms Flashcards by Keith Corbin

A security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.

AAA (authentication, authorization, and accounting)

How well did you know this?

Not at all

Perfectly

An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

ABAC (attribute-based access control) .

How well did you know this?

Not at all

Perfectly

A collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).

Account Policies

How well did you know this?

Not at all

Perfectly

ACL (Access Control List)

How well did you know this?

Not at all

Perfectly

The practice of responding to a threat by destroying or deceiving a threat actor’s capabilities.

Active defense

How well did you know this?

Not at all

Perfectly

Using AI to identify vulnerabilities and attack vectors to circumvent security systems.

Adversarial AI (adversarial artificial intelligence)

How well did you know this?

Not at all

Perfectly

A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.

AES (Advanced Encryption Standard)

How well did you know this?

Not at all

Perfectly

A software development model that focuses on iterative and incremental development to account for evolving requirements and expectations.

Agile model (Agile)

How well did you know this?

Not at all

Perfectly

An IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.

AH (authentication header)

How well did you know this?

Not at all

Perfectly

A type of network isolation that physically separates a network from all other networks.

Air gap

How well did you know this?

Not at all

Perfectly

Threat intelligence data feed operated by the (DHS), Department of Homeland Security.

AIS (Automated Indicator Sharing)

How well did you know this?

Not at all

Perfectly

The total cost of a risk to an organization on an annual basis. This is determined by multiplying the SLE, Single Loss Expectancy by the Annual Rate of Occurrence (ARO). SLE x ARO=ALE

ALE (annual loss expectancy)

How well did you know this?

Not at all

Perfectly

A device that provides a connection between wireless devices and can connect to wired networks. Also known as wireless access point or WAP.

AP (access point)

How well did you know this?

Not at all

Perfectly

A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.

API (application programming interface)

How well did you know this?

Not at all

Perfectly

A Layer 7 firewall technology that inspects packets at the Application layer of the OSI model.

Application aware firewall

How well did you know this?

Not at all

Perfectly

Software designed to run on a server to protect a particular application such as a web server or SQL server.

Application firewall

How well did you know this?

Not at all

Perfectly

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

APT (advanced persistent threat)

How well did you know this?

Not at all

Perfectly

Producing programmable circuit boards for education and industrial prototyping.

Arduino Open-source platform

How well did you know this?

Not at all

Perfectly

In risk calculation, an expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur.

ARO (annual rate of occurrence)

How well did you know this?

Not at all

Perfectly

An optional security feature of a switch that prevents excessive ARP replies from flooding a network segment.

ARP inspection

How well did you know this?

Not at all

Perfectly

A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle.

ARP poisoning (ARP spoofing)

How well did you know this?

Not at all

Perfectly

A cipher that uses public and private keys. The keys are mathematically linked, using either Rivel, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.
Also known as (Elliptic Curve Cryptography) or ECC.

Asymmetric algorithm (Public Key)

How well did you know this?

Not at all

Perfectly

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.

ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)

How well did you know this?

Not at all

Perfectly

The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.

Attack surface

How well did you know this?

Not at all

Perfectly

A specific path by which a threat actor gains unauthorized access to a system. Also known as vector.

Attack vector

A PNAC (Port-based network access control) switch or router that activates EAPoL and passes a supplicant's authentication data to an authenticating server, such as a RADIUS server. EAPoL (Extensible Authentication Protocol (EAP) over LAN (EAPoL Protocol) is a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resource)

Authenticator

Using scripts and APIs to provision and deprovision systems without manual intervention.

Automation

The Sleuth Kit is an open source collection of command line and programming libraries for disk imaging and file analysis. Autopsy is a graphical frontend for these tools and also provides a case management/workflow tool. Also known as Sleuth Kit.

Autopsy

The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.

Availability

Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.

BAS (building automation system)

The chip and firmware in a smartphone that acts as a cellular modem.

Baseband radio

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.

Baseline configuration

A command shell and scripting language for Unix-like systems.

Bash (Bourne again shell)

A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of compromise.

Bastion host

A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences. Also known as behavior-based detection.

Behavioral analysis

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

BIA (business impact analysis)

A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.

Birthday Attack

A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

Block Cipher

A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

Blockchain

The defensive team in a penetration test or incident response exercise.

Blue team

Sending an unsolicited message or picture message using a Bluetooth connection.

Bluejacking

A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection.

Bluesnarfing

Report of boot state integrity data that is signed by a tamper-proof TPM key and reported to a network server.

Boot Attestation

A set of hosts that has been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks. Also known as zombie.

Botnet

Agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.

BPA (business partnership agreement)

Switch port security feature that disables the port if it receives BPDU notifications related to spanning tree. This is configured on access ports where there any BPDU frames are likely to be malicious.

BPDU guard (Bridge Protocol Data Unit guard)

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

Brute Force Attack

An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.

Buffer overflow

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

Bug bounty

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

BYOD (bring your own device)

An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets. Also known as C2.

C&C (command and control), C2

A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

CA (certificate authority)

Devices can be physically secured against theft using cable ties and padlocks. Some systems also feature lockable faceplates, preventing access to the power switch and removable drives.

Cable lock

A smart card that provides certificate-based authentication and supports two-factor authentication. A CAC is produced for Department of Defense employees and contractors in response to a Homeland Security Directive.

CAC (common access card)

A serial network designed to allow communications between embedded programmable logic controllers.

CAN bus (controller area network bus)

An image of text characters or audio of some speech that is difficult for a computer to interpret. CAPTCHAs are used for purposes such as preventing bots from creating accounts on web forums and social media sites to spam them.

CAPTCHA (completely automated public turing test to tell computers and humans apart)

A web page or website to which a client is redirected before being granted full network access.

Captive portal

Training event where learners must identify a token within a live network environment.

Capture the flag

Duplicating a smart card by reading (skimming) the confidential data stored on it. Also known as skimming.

Card cloning/skimming

The process of extracting data from a computer when that data has no associated file system metadata.

Carving

Enterprise management software designed to mediate access to cloud services by users across all types of devices.

CASB (cloud access security broker)

Linux command to view and combine (concatenate) files.

Cat command

An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block.

CBC (cipher block chaining)

An encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

CCMP (counter mode with cipher block chaining message authentication code protocol)

A method of sanitizing a self-encrypting drive by erasing the media encryption key.

CE (cryptographic erase)

The record of evidence history from collection, to presentation in court, to disposal.

Chain of custody

The process by which the need for change is recorded and approved.

Change Control

The process through which changes to the configuration of information systems are implemented, as part of the organization's overall configuration management efforts.

Change Management

Developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server. The challenge-response is repeated throughout the connection (though transparently to the user) to guard against replay attacks.

CHAP (Challenge Handshake Authentication Protocol) Authentication scheme

The output of a hash function. chmod Linux command for managing file permissions.

Checksum

The three principles of security control and management. Also known as the information security triad. or AIC triad.

CIA triad (confidentiality, integrity, and availability)

A Layer 5 firewall technology that tracks the active state of a connection, and can make decisions based on the contents of network traffic as it relates to the state of the connection.

Circuit-level stateful inspection firewall

A not-for-profit organization (founded partly by SANS). It publishes the well-known "Top 20 Critical Security Controls" (or system design recommendations).

CIS (Center for Internet Security)

An organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive documents must not be left out where unauthorized personnel might see them.

Clean desk policy

Classifying the ownership and management of a cloud as public, private, community, or hybrid.

Cloud deployment model

Industry body providing security guidance to CSPs, including enterprise reference architecture and security controls matrix.

Cloud Security Alliance

Classifying the provision of cloud services and the limit of the cloud service provider's responsibility as software, platform, infrastructure, and so on. clustering A load balancing technique where a group of servers are configured as a unit and work together to provide network services.

Cloud service model

An X500 attribute expressing a host or user name, also used as the subject identifier for a digital certificate.

CN (common name)

Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.

COBO (corporate owned, business only)

Professional behavior depends on basic ethical standards, such as honesty and fairness. Some professions may have developed codes of ethics to cover difficult situations; some businesses may also have a code of ethics to communicate the values it expects its employees to practice. Also known as ethics.

Code of conduct

Potentially unsecure programming practice of using code originally written for a different context.

Code reuse

The method of using a digital signature to ensure the source and integrity of programming code.

Code signing

A predetermined alternate location where a network can be rebuilt after a disaster.

Cold site

A network appliance that gathers or receives log and/or state data from other network systems.

Collector

In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

Collision

A cloud that is deployed for shared use by cooperating tenants.

Community cloud

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

Compensating control

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access. containerization A type of virtualization applied by a host operating system to provision an isolated execution environment for an application.

Confidentiality: Information has not been disclosed to unauthorized people. Integrity: Information has not been modified or altered without proper authorization. Availability: Information is able to be stored, accessed, or protected at all times.

A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on).

Content filter

An access control scheme that verifies an object's identity based on various environmental factors, like time, location, and behavior.

Context-aware authentication

Software development method in which app and platform requirements are frequently tested and validated for immediate availability.

Continuous delivery

Software development method in which app and platform updates are committed to production rapidly.

Continuous deployment

Software development method in which code updates are tested and committed to a development or build server/code repository rapidly.

Continuous integration

The technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon. Also known as continuous security monitoring or CSM.

Continuous monitoring

Risk that arises when a control does not provide the level of mitigation that was expected.

Control risk

Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.

COPE (corporate owned, personally enabled)

A type of security control that acts after an incident to eliminate or minimize its impact. correlation Function of log analysis that links log and state data to identify a pattern that should be logged or alerted as an event.

Corrective control

An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).

Counter mode (CTM)

Brute force attack in which stolen user account names and passwords are tested against multiple websites.

Credential stuffing

A list of certificates that were revoked before their expiration date.

CRL (certificate revocation list)

Biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

Crossover error rate

A vendor offering public cloud service models, such as PaaS, IaaS, or SaaS.

CSP (cloud service provider)

A Base64 ASCII file that a subject sends to a CA to get a certificate.

CSR (certificate signing request)

The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources. Also known as threat intelligence.

CTI (cyber threat intelligence)

Implementation of a sandbox for malware analysis.

Cuckoo

Utility for command-line manipulation of URL-based protocol requests.

Curl command

Scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

CVE (Common Vulnerabilities and Exposures)

A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.

CVSS (Common Vulnerability Scoring System)

Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.

CYOD (choose your own device)

Access control model where each resource is protected by an Access Control List (ACL) managed by the resource's owner (or owners).

DAC (discretionary access control)

Information that is primarily stored on specific media, rather than moving from one medium to another.

Data at rest

When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.

Data breach

In privacy regulations, the entity that determines why and how personal data is collected, stored, and used.

Data controller

An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.

Data custodian

The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.

Data exfiltration

A software vulnerability where an attacker is able to circumvent access controls and retrieve confidential or sensitive data from the file system or database.

Data exposure

The overall management of the availability, usability, and security of the information used in an organization.

Data governance

Information that is present in the volatile memory of a host, such as system memory or cache.

Data in processing

Information that is being transmitted between two hosts, such as over a private network or the Internet. Also known as data in motion.

Data in transit

A de-identification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.

Data masking

In data protection, the principle that only necessary and sufficient personal information can be collected and processed for the stated purpose.

Data minimization

A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.

Data owner

In privacy regulations, an entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector.

Data processor

Leftover information on a storage medium even after basic attempts have been made to remove that data. Also known as remnant.

Data remnant

In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.

Data sovereignty

An individual who is primarily responsible for data quality, ensuring data is labeled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations.

Data steward

A configuration option that enables a switch to inspect DHCP traffic to prevent MAC spoofing.

DHCP snooping

Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging.

dd command

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

DDoS attack (distributed denial of service attack)

Code in an application that is redundant because it will never be called within the logic of the program flow.

Dead code

Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.

De-authentication/disassociation

Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.

Deception and disruption

Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.

Default account

A security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack's progress, rather than eliminating it outright.

Defense in depth

The process of rendering a storage drive inoperable and its data unrecoverable by eliminating the drive's magnetic charge.

Degaussing

In data protection, methods and technologies that remove identifying information from data before it is distributed.

De-identification

The process of removing an application from packages or instances.

Deprovisioning

The binary format used to structure the information in a digital certificate.

DER (distinguished encoding rules)

A type of security control that acts during an incident to identify or record that it is happening.

Detective control

A type of security control that discourages intrusion attempts.

Deterrent control

A cryptographic technique that provides secure key exchange.

DH (Diffie-Hellman)

An attack in which an attacker responds to a client requesting address assignment from a DHCP server.

DHCP spoofing (Dynamic Host Configuration Protocol spoofing)

A framework for analyzing cybersecurity incidents.

Diamond Model

A type of password attack that compares encrypted passwords against a predetermined list of possible password values.

Dictionary attack

A backup type in which all selected files that have changed since the last full backup are backed up.

Differential backup

The Differentiated Services Code Point (DSCP) field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.

DiffServ

A message digest encrypted using the sender's private key that is appended to a message to authenticate the sender and prove message integrity.

Digital signature

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

Directory service

An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

Directory traversal

Cybersecurity resilience strategy that increases attack costs by provisioning multiple types of controls, technologies, vendors, and crypto implementations.

Diversity

A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

DLP (data loss/leak prevention)

A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

DMZ (demilitarized zone)

NAT service where private internal addresses are mapped to one or more public addresses to facilitate Internet connectivity for hosts on a local network via a router.

DNAT (destination network address translation)

An attack in which an attacker modifies a computer's DNS configurations to point to a malicious DNS server.

DNS hijacking (Domain Name System hijacking)

A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing.

DNS poisoning (Domain Name System poisoning)

A security protocol that provides authentication of DNS data and upholds DNS data integrity.

DNSSEC (Domain Name System Security Extensions)

A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.

Domain hijacking

Any type of physical, application, or network attack that affects the availability of a managed resource.

DoS attack (denial of service attack)

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.

Downgrade attack

Institutional data governance role with responsibility for compliant collection and processing of personal and sensitive data.

DPO (data privacy officer)

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

DRP (disaster recovery plan)

Public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.

DSA (Digital Signature Algorithm)

File containing data captured from system memory.

Dump file

The social engineering technique of discovering things about an organization (or person) based on what it throws away.

Dumpster diving (Dumpster)

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.

EAP (Extensible Authentication Protocol)

An EAP method that is expected to address the shortcomings of LEAP.

EAP-FAST (EAP Flexible Authentication via Secure Tunneling)

A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.

EAPoL (Extensible Authentication Protocol over LAN)

An EAP method that requires server-side and client-side certificates for authentication using SSL/ TLS.

EAP-TLS (EAP Transport Layer Security)

An EAP method that enables a client and server to establish a secure connection without mandating a client-side certificate.

EAP-TTLS (EAP Tunneled Transport Layer Security)

Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).

East-west traffic

An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.

ECC (Elliptic Curve Cryptography)

Provisioning processing resource close to the network edge of IoT devices to reduce latency.

Edge Computing

Procedures and tools to collect, preserve, and analyze digital evidence.

E-discovery

A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

EDR (Endpoint Detection and Response)

In risk calculation, the percentage of an asset's value that would be lost during a security incident or disaster scenario.

EF (exposure factor)

The property by which a computing environment can instantly react to both increasing and decreasing demands in workload.

Elasticity

A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.

Entropy

Product life cycle phase where sales are discontinued and support options reduced over time.

EOL (End of Life)

Product life cycle phase where support is no longer available from the vendor.

EOSL (End of Service Life)

A software agent and monitoring system that performs multiple security tasks.

EPP (Endpoint Protection Platform)

The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization.

ERM (Enterprise Risk Management)

Coding methods to anticipate and deal with exceptions thrown during execution of a process.

Error handling

In key management, the storage of a backup key with a third party.

Escrow

IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.

ESP (Encapsulating Security Protocol)

A wireless access point that deceives users into believing that it is a legitimate network access point.

Evil twin

The process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.

Execution control

Suite of tools designed to automate delivery of exploits against common software and firmware vulnerabilities.

Exploitation framework

A private network that provides some access to outside parties, particularly vendors, partners, and select customers.

Extranet

A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.

Failover

Deception strategy that returns spoofed data in response to network probes.

Fake telemetry

In security scanning, a case that is not reported when it should be.

False negative

In security scanning, a case that is reported when it should not be.

False positive

Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

FAR (False Acceptance Rate)

A wire mesh container that blocks external electromagnetic fields from entering into the container.

Faraday cage

High speed network communications protocol used to implement SANs.

FC (Fibre Channel)

Encryption of all data on a disk (including system files, temporary files, and the pagefile) can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.

FDE (Full Disk Encryption)

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

Federation

A type of software that reviews system files to ensure that they have not been tampered with.

FIM (File Integrity Monitoring)

Biometric authentication device that can produce a template signature of a user's fingerprint then subsequently compare the template to the digit submitted for authentication.

Fingerprint scanner

The first experienced person or team to arrive at the scene of an incident.

First responder

Provisioning processing resource between the network edge of IoT devices and the data center to reduce latency.

Fog computing

A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.

FPGA (field Programmable Gate Array)

Biometric assessment metric that measures the number of valid subjects who are denied access.

FRR (False Rejection Rate)

A commercial digital forensics investigation management and utilities suite, published by AccessData.

FTK (Forensic Toolkit)

A type of FTP using TLS for confidentiality. FTPS (also known as FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC7568) cryptographic protocols.

FTPS

A backup type in which all selected files, regardless of prior state, are backed up. full tunnel VPN configuration where all traffic is routed via the VPN gateway.

Full backup

A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.

Fuzzing

Biometric mechanism that identifies a subject based on movement pattern.

Gait analysis

A mode of block chained encryption that provides message authenticity for each block.

GCM (Galois/Counter Mode)

Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US's Privacy Shield requirements.

GDPR (General Data Protection Regulation)

The practice of creating a virtual boundary based on real-world geography.

Geofencing

The identification or estimation of the physical location of an object, such as a radar source, mobile phone, or Internet-connected computing device.

Geolocation

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

GPO (Group Policy Object)

Linux command for searching and filtering input. This can be used as a file search tool when combined with ls. Grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. Its name comes from the ed command g/re/p (globally search for a regular expression and print matching lines), which has the same effect. Grep was originally developed for the Unix operating system, but later available for all Unix-like systems and some others such as OS-9.

Grep command

A group account is a collection of user accounts that are useful when establishing file permissions and user rights because when many individuals need the same level of access, a group could be established containing all the relevant users.

Group account

The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

HA (high availability)

The process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.

Hardening

Command-line tool used to perform brute force and dictionary attacks against password hashes. Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, OS X, and Windows. Examples of hashcat-supported hashing algorithms are LM hashes, MD4, MD5, SHA-family and Unix Crypt formats as well as algorithms used in MySQL and Cisco PIX.

Hashcat

A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output. Also known as Message Digest.

Hashing

Linux utility for showing the first lines in a file. "Head" is a program on Unix and Unix-like operating systems used to display the beginning of a text file or piped data. Syntax The command syntax is: head [options] By default, head will print the first 10 lines of its input to the standard output. The number of lines printed may be changed with a command line option. The following example shows the first 20 lines of filename: head -n 20 filename This displays the first 5 lines of all files starting with foo: head -n 5 foo*

Head command

In a Wi-Fi site survey, a diagram showing signal strength at different locations.

Heat map

A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.

Heuristic analysis (heuristic)

A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.

HMAC (hash-based message authentication code)

Method that allows computation of certain fields in a dataset without decrypting it. Homomorphic encryption is a form of encryption that allows computations to be performed on encrypted data without first having to decrypt it. The resulting computations are left in an encrypted form which, when decrypted, result in an output that is identical to that produced had the operations been performed on the unencrypted data. Homomorphic encryption can be used for privacy-preserving outsourced storage and computation. This allows data to be encrypted and out-sourced to commercial cloud environments for processing, all while encrypted. For sensitive data, such as health care information, homomorphic encryption can be used to enable new services by removing privacy barriers inhibiting data sharing or increase security to existing services. For example, predictive analytics in health care can be hard to apply via a third party service provider due to medical data privacy concerns, but if the predictive analytics service provider can operate on encrypted data instead, these privacy concerns are diminished. Moreover, even if the service provider's system is compromised, the data would remain secure.

Homomorphic encryption

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. Also known as honeyfile.

Honeypot (honeynet)

When a user accesses or modifies specific resources that they are not entitled to.

Horizontal privilege escalation

A software application running on a single host and designed to protect only that host. Also known as personal firewall.

Host-based firewall

A fully configured alternate network that can be online quickly after a disaster.

Hot site

Arrangement of server racks to maximize the efficiency of cooling systems. Also known as cold/hot aisle.

Hot/cold aisle

An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.

HOTP (HMAC-based One-time Password)

An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

HSM (hardware security module)

Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).

HTML5 VPN

A cloud deployment that uses both private and public elements.

Hybrid cloud

A computing method that uses the cloud to provide any or all infrastructure needs.

IaaS (Infrastructure as a Service)

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.

IaC (Infrastructure as code)

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.

IAM (Identity and Access Management)

A network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

ICS (Industrial Control System)

The invention of fake personal information or the theft and misuse of an individual's personal information.

Identity fraud

In a federated network, the service that holds the user account and performs authentication.

IdP (Identity Provider)

A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.

IDS (Intrusion Detection System)

A standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication. Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. EAP is in wide use. For example, in IEEE 802.11 (WiFi) the WPA and WPA2 standards have adopted IEEE 802.1X (with various EAP types) as the canonical authentication mechanism.

IEEE 802.1X

Framework for creating a Security Association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

IKE (Internet Key Exchange)

A basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

Implicit deny

A backup type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up.

Incremental backup

Methods of disguising the nature and purpose of buildings or parts of buildings.

Industrial camouflage

Risk that an event will pose if no controls are put in place to mitigate it.

Inherent risk

Any technique used to ensure that the data entered into a field or variable in an application is handled appropriately by that application.

Input validation

Coding vulnerability where unvalidated input is used to select a resource object, such as a file or database.

Insecure object reference

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

Insider threat

An attack in which a computed result is too large to fit in its assigned storage space, which may lead to crashing or data corruption, and may trigger a buffer overflow. integrity The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.

Integer Overflow

In threat hunting, using sources of threat intelligence data to automate detection of adversary IoCs and TTPs. Tactics, Techniques, and Procedures (TTPs) IoC (Indicator of Compromise)

Intelligence Fusion

A private network that is only accessible by the organization's own personnel.

Intranet

A sign that an asset or network has been attacked or is currently under attack.

IoC (indicator of compromise)

Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.

IPAM (IP Address Management)

Standards-based version of the Netflow framework.

IPFIX (IP Flow Information Export)

An IDS that can actively block attacks.

IPS (Intrusion Prevention System)

A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet.

IPSec (Internet Protocol Security)

Specific procedures that must be performed if a certain type of event is detected or reported.

IRP (Incident Response Plan)

Any federal agency interconnecting its IT system to a third-party must create an ISA to govern the relationship. An ISA sets out a security risk awareness process and commits the agency and supplier to implementing security controls.

ISA (Interconnection Security Agreement)

Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.

ISAC (Information Sharing and Analysis Center)

A comprehensive set of standards for information security, including best practices for security and risk management, compliance, and technical implementation.

ISO/IEC 27K (International Organization for Standardization 27000 Series)

A comprehensive set of standards for enterprise risk management.

ISO/IEC 31K (International Organization for Standardization 31000 Series)

A wireless attack where the attacker is able to predict or control the IV of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone else except the user or network.

IV attack (Initialization Vector Attack)

An attack in which radio waves disrupt 802.11 wireless signals.

Jamming

The policy of preventing any one individual performing the same role or tasks for too long. This deters fraud and provides better oversight of the person's duties.

Job rotation

A hardened server that provides access to other hosts. Also known as jumpbox.

Jump server

A single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

Kerberos

Malicious software or hardware that can record user keystrokes.

Keylogger

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.

Kill chain

VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.

L2TP (Layer 2 Tunneling Protocol)

The process by which an attacker is able to move from one part of a computing environment to another.

Lateral Movement

A network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

LDAP (Lightweight Directory Access Protocol)

An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.

LDAP injection

A method of implementing LDAP using SSL/TLS encryption.

LDAPS (Lightweight Directory Access Protocol Secure)

Cisco Systems' proprietary EAP implementation.

LEAP (Lightweight Extensible Authentication Protocol)

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Least privilege

Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.

Lightweight cryptography

An analysis of events that can provide insight into how to improve response processes in the future. Also known as (after action report) or AAR.

LLR (Lessons Learned Report)

A type of switch or router that distributes client requests between different resources, such as communications links or similarly-configured servers. This provides fault tolerance and improves throughput.

Load balancer

Linux utility that writes data to the system log.

Logger command

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

Logic bomb

If broadcast traffic is allowed to continually loop around a network, the number of broadcast packets increases exponentially, crashing the network. Loop protection in switches (such as Spanning Tree Protocol), and in routers (Time To Live for instance) is designed to prevent this.

Loop protection

Cloud service providing ongoing security and availability monitoring of on-premises and/or cloud-based hosts and services.

MaaS (Monitoring as a Service)

Access control model where resources are protected by inflexible, system defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

MAC (Mandatory Access Control)

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

MAC (Message Authentication Code)

An attack in which an attacker falsifies the factory-assigned MAC address of a device's network interface. Also known as MAC spoofing.

MAC cloning (Media Access Control cloning)

Applying an access control list to a switch or access point so that only clients with approved MAC addresses can connect to it.

MAC filtering (Media Access Control filtering)

A variation of an ARP poisoning attack where a switch's cache table is inundated with frames from random source MAC addresses.

MAC flooding

Enterprise management function that enables control over apps and storage for mobile devices and other endpoints.

MAM (mobile application management)

A category of security control that gives oversight of the information system.

Managerial control

The principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.

Mandatory vacations

In threat hunting, the concept that threat actor and defender may use deception or counterattacking strategies to gain positional advantage.

Maneuver

A secure entry system with two gateways, only one of which is open at any one time.

Mantrap (access control vestibule)

A cryptographic hash function producing a 128-bit output.

MD5 (Message Digest Algorithm v5)

The process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure.

MDM (Mobile Device Management)

A UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

Measured boot

A business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

MEF (Mission Essential Function)

Linux utility developed as part of the Coroner's Toolkit to dump system memory data to a file.

Memdump command

A software vulnerability that can occur when software does not release allocated memory when it is done using it, potentially leading to system instability.

Memory leak

Information stored or recorded as a property of an object, state of a system, or transaction.

Metadata

An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

MFA (Multifactor Authentication)

A software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.

Microservices

A type of RAID that using two hard disks, providing the simplest way of protecting a single disk against failure. Data is written to both disks and can be read from either disk.

Mirroring

An attack when the web browser is compromised by installing malicious plug-ins or scripts, or intercepting API calls between the browser process and DLLs.

MitB attack (Man-in-the-Browser attack)

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

MitM attack (Man-in-the-Middle attack)

Extension to SMS allowing digital data (picture, video, or audio) to be sent over a cellular data connection.

MMS (Multimedia Messaging Service)

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

Mode of operation

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

MoU (Memorandum of Understanding)

Developed by Cisco from ATM as a means of providing traffic engineering (congestion control), Class of Service, and Quality of Service within a packet switched, rather than circuit switched, network.

MPLS (Multiprotocol Label Switching)

Evaluates the data collection and statistical methods used by a quality management process to ensure they are robust.

MSA (Measurement Systems Analysis)

Third-party provision of security configuration and monitoring as an outsourced service.

MSSP (Managed Security Service Provider)

The rating on a device or component that predicts the expected time between failures.

MTBF (Mean Time Between Failures)

The longest period of time a business can be inoperable without causing irrevocable business failure.

MTD (Maximum Tolerable Downtime)

The average time a device or component is expected to be in operation.

MTTF (mean time to failure)

The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

MTTR (mean time to repair/replace/recover)

A cloud deployment model where the cloud consumer uses multiple public cloud services.

Multi-cloud

Overprovisioning controllers and cabling so that a host has failover connections to storage media.

Multipath

A general term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.

NAC (Network Access Control)

Low-power cellular networks designed to provide data connectivity to IoT devices.

Narrow-band

A routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

NAT (network address translation)

Utility for reading and writing raw data over a network connection. Also known as netcat.

Ncat

An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.

NDA (non-disclosure agreement)

One of the best-known commercial vulnerability scanners, produced by Tenable Network Security. Also known as Tenable.

Nessus

A Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.

Netflow

A standard for peer-to-peer (2-way) radio communications over very short (around 4") distances, facilitating contactless payment and similar technologies. NFC is based on RFID.

NFC (Near Field Communication)

Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.

NFV (network functions virtualization)

Advances in firewall technology, from app awareness, user-based filtering, and intrusion prevention to cloud inspection. Also known as layer 7 firewall

NGFW (next generation firewall) .

Versatile port scanner used for topology, host, service, and OS discovery and enumeration.

Nmap

An arbitrary number used only once in a cryptographic communication, often to prevent replay attacks.

Nonce

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

Non-repudiation

A routine that applies a common consistent format to incoming data so that it can be processed safely. Normalization is referred to in the context of log collection and software coding.

Normalization

A challenge-response authentication protocol created by Microsoft for use in its products.

NTLM authentication (NT LAN Manager authentication)

Software optimized for multi-platform log collection and aggregation.

nxlog

An industry body comprising the main PKI providers, such as Verisign and Entrust, that was established with the aim of developing an open, strong authentication framework.

OATH (Initiative for Open Authentication)

Standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

OAuth (Open Authorization)

A technique that essentially "hides" or "camouflages" code or other information so that it is harder to read by unauthorized users.

Obfuscation

Allows clients to request the status of a digital certificate, to check whether it is revoked.

OCSP (Online Certificate Status Protocol)

The process of ensuring that all HR and other requirements are covered when an employee leaves an organization. Also known as exit interview.

Offboarding

In PKI, a CA (typically the root CA) that has been disconnected from the network to protect it from compromise.

Offline CA (offline certificate authority)

An authentication layer that sits on top of the OAuth 2.0 authorization protocol.

OICD (OpenID Connect)

Numeric schema used for attributes of digital certificates. onboarding The process of bringing in a new employee, contractor, or supplier.

OID (object identifier)

Accessing the administrative interface of a network appliance using a separate network from the usual data network. This could use a separate VLAN or a different kind of link, such as a dial-up modem.

OOB (out-of-band management)

Standards for implementing device encryption on storage devices. operational control A category of security control that is implemented by people.

Opal

The automation of multiple steps in a deployment process. order of volatility The order in which volatile data should be recovered from various storage locations and devices after a security incident occurs.

Orchestration

Publicly available information plus the tools used to aggregate and search it.

OSINT (Open-Source Intelligence)

A communications network designed to implement an industrial control system rather than data networking.

OT (Operational Technology)

A firmware update delivered on a cellular data connection. output encoding Coding methods to sanitize output created from user input.

OTA (Over the Air)

A charity and community publishing a number of secure application development resources.

OWASP (Open Web Application Security Project)

Format that allows a private key to be exported along with its digital certificate.

P12 (Public Key Cryptography Standard #12)

File format for transmitting a chain of digital certificates, using PKCS#7.

P7B

A computing method that uses the cloud to provide any platform-type services.

PaaS (Platform as a Service)

Framework for implementing authentication providers in Linux.

PAM (Pluggable Authentication Module)

An enumeration or vulnerability scan that analyzes only intercepted network traffic rather than sending probes to a target. More generally, passive reconnaissance techniques are those that do not require direct interaction with the target.

Passive scan

Maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications. Also known as network address port translation (NAPT) or NAT overloading.

PAT (port address translation)

Identifying, testing, and deploying OS and application updates. Patches are often classified as critical, security-critical, recommended, and optional.

Patch management

Information security standard for organizations that process credit or bank card payments.

PCI DSS (Payment Card Industry Data Security Standard)

Advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.

PDU (Power Distribution Unit)

EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.

PEAP (Protected Extensible Authentication Protocol)

Base64 encoding scheme used to store certificate and key data as ASCII text.

PEM (privacy-enhanced mail)

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system. A pen test will verify that a threat exists, then will actively test and bypass security controls, and will finally exploit vulnerabilities on the system. Also known as pentest.

Penetration testing

Mechanism for encoding characters as hexadecimal values delimited by the percent sign.

Percent encoding

In load balancing, the configuration option that enables a client to maintain a connection with a load-balanced server over the duration of the session. Also referred to as sticky sessions.

Persistence (Load Balancing)

In cybersecurity, the ability of a threat actor to maintain covert access to a target host or network.

Persistence

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

PFS (Perfect Forward Secrecy)

Windows file format for storing a private key and certificate data. The file can be password-protected.

PFX (Personal Information Exchange)

An impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

Pharming

Information that identifies someone as the subject of medical and insurance records, plus associated hospital and laboratory test results.

PHI (Protected/Personal Health Information)

A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Phishing

A type of security control that acts against in-person intrusion attempts.

Physical control

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

PII (personally identifiable information)

A deprecated method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.

Pinning

A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card's owner.

PIV card (personal identity verification card)

Series of standards defining the use of certificate authorities and digital certificates.

PKCS (public key cryptography standards)

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

PKI (public key infrastructure)

A checklist of actions to perform to detect and respond to a specific type of incident PLC (programmable logic controller) A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems.

Playbook

A switch (or router) that performs some sort of authentication of the attached device before activating the port.

PNAC (port-based network access control)

A software vulnerability that can occur when code attempts to read a memory location specified by a pointer, but the memory location is null. Also known as dereferencing.

Pointer dereferencing

A point-to-point topology is one where two nodes have a dedicated connection to one another. In a point-to-multipoint topology, a central node mediates links between remote nodes. Also known as Point-to-point.

Point-to-Point/Point-to Multipoint Topology

A process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN. Also known as destination network address translation or DNAT.

Port forwarding

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch. Also known as switched port analyzer or SPAN.

Port mirroring

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.

Port security

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.

Post-quantum

A command shell and scripting language built on the .NET Framework.

PowerShell

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks

PPP (Point to Point Protocol)

Developed by Cisco and Microsoft to support VPNs over PPP and TCP/IP. PPTP is highly vulnerable to password cracking attacks and considered obsolete.

PPTP (Point-to-Point Tunneling Protocol)

A cloud that is deployed for use by a single entity.

Private cloud

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

Private key

The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management.

Privilege access management

The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application.

Privilege escalation

In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.

Provenance

A server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance. Also known as forward proxy.

Proxy server

Removing personal information from a data set to make identification of individuals difficult, even if the data set is combined with other sources.

Pseudo-anonymization

Passphrase-based mechanism to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

PSK (pre-shared key)

A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on.

PtH attack (Pass the Hash Attack)

A cloud that is deployed for shared use by multiple independent tenants.

Public cloud

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

Public key

Software that cannot definitively be classed as malicious, but may not have been chosen by or wanted by the user.

PUP (Potentially Unwanted Program)

A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement. purpose limitation In data protection, the principle that personal information can be collected and processed only for a stated purpose to which the subject has consented.

Purple team

High-level programming language that is widely used for automation.

Python

Policies, procedures, and tools designed to ensure defect-free development and delivery.

QA (Quality Assurance)

Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS). Also known as CoS.

QoS (Quality of Service)

A risk analysis method that uses opinions and reasoning to measure the likelihood and impact of risk.

Qualitative analysis

A risk analysis method that is based on assigning concrete values to factors.

Quantitative analysis

Using quantum computing for cryptographic tasks, such as distributing keys or cracking (traditional) cryptographic systems. Quantum computing works on the principle that its units (qubits) have more properties than the bits used in "classical" computers, notably (and very crudely) that a qubit can have a probability of being 1 or 0 and that inspecting the value of one qubit can instantly determine that of others (entanglement).

Quantum cryptography

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

RA (Recovery Agent)

In PKI, an authority that accepts requests for digital certificates and authenticates the entities making those requests.

RA (Registration Authority)

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.

Race condition

A standard protocol used to manage remote and wireless authentication infrastructures.

RADIUS (Remote Authentication Dial-in User Service)

Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems. rainbow table Tool for speeding up attacks against Windows passwords by precomputing possible hashes.

RAID (redundant array of independent/ inexpensive disks)

Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.

Ransomware

Open-source platform producing programmable circuit boards for education and industrial prototyping.

Raspberry Pi

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

RAT (Remote Access Trojan)

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

RBAC (role-based access control)

Platform-independent advanced messaging functionality designed to replace SMS and MMS.

RCS (Rich Communication Services)

The "hostile" or attacking team in a penetration test or incident response exercise. regex (regular expression) A group of characters that describe how to execute a specific search pattern on a given text.

Red team

An attack where the attacker intercepts some authentication data and reuses it to try to re-establish a session.

Replay Attack

Automatically copying data between two processing systems either simultaneously on both systems (synchronous) or from a primary to a secondary location (asynchronous).

Replication

Risk that remains even after controls are put into place.

Residual risk

Dictates for how long information needs to be kept available on backup and archive systems. This may be subject to legislative requirements.

Retention policy

A type of proxy server that protects servers from direct contact with client requests.

Reverse Proxy

A maliciously spawned remote command shell where the victim host opens the connection to the attacking host.

Reverse Shell

The response of determining that a risk is within the organization's appetite and no countermeasures other than ongoing monitoring is needed.

Risk Acceptance

In risk mitigation, the practice of ceasing activity that presents risk.

Risk avoidance

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario. Also known as risk reduction.

Risk deterrence

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department for reference by stakeholders.

Risk matrix/heat map

The response of reducing risk to fit within an organization's risk appetite.

Risk mitigation

A document highlighting the results of risk assessments in an easily comprehensible format (such as a "traffic light" grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

Risk Register

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

Risk Transference

In ESA, a framework that uses risk assessment to prioritize security control selection and investment.

Risk-Based Framework .

A remote-controlled or autonomous robot capable of patrolling site premises or monitoring gateways.

Robot Sentry

In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.

Root CA (Root Certificate Authority)

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

Rootkit

A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.

Router Firewall

Rules that govern how routers communicate and forward traffic between networks.

Routing Protocols

The longest period of time that an organization can tolerate lost data being unrecoverable.

RPO (Recovery Point Objective)

Named for its designers, Ronald Rivest, Adi Shamir, and Len Adelman, the first successful algorithm for public key encryption with a variable key length and block size.

RSA (Rivest Shamir Adelman)

Using a trigger device to send a BGP route update that instructs routers to drop traffic that is suspected of attempting DDoS.

RTBH (Remote Triggered black hole)

The length of time it takes after an event to resume normal business operations and activities.

RTO (Recovery Time Objective)

A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.

RTOS (Real-Time Operating system)

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

RTP (Real-time Transport Protocol)

A non-discretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

Rule-Based Access Control

An automated version of a playbook that leaves clearly defined interaction points for human analysis.

Runbook

An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

A computing method that uses the cloud to provide application services to users.

SaaS (Software as a Service)

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

SAE (Simultaneous Authentication of Equals)

A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to ("salting") each plaintext input.

Salt

An XML-based data format used to exchange authentication information between a client and a service.

SAML (Security Assertion Markup Language)

Field in a digital certificate allowing a host to be identified by multiple host names/subdomains.

SAN (Subject Alternative Name)

A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited.

Sandbox

The process of thorough and completely removing data from a storage medium so that file remnants cannot be recovered.

Sanitization

Developed from parallel SCSI, SAS represents the highest performing hard disk interface available.

SAS (Serial Attached Small Computer Systems Interface)

A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas.

SCADA (Supervisory Control and Data Acquisition)

The property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.

Scalability

Utility that runs port scans through third-party websites to evade detection.

Scanless

A NIST framework that outlines various accepted practices for automating vulnerability scanning.

SCAP (Security Content Automation Protocol)

A dual-homed proxy/gateway server used to provide Internet access to other network nodes, while protecting them from external attack.

Screened host

An inexperienced, unskilled attacker that typically uses tools or scripts created by others.

Script Kiddie

Coding resources provided by a vendor to assist with development projects that use their platform or API.

SDK (Software Development Kit)

APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.

SDN (Software Defined Networking)

APIs for reporting configuration and state data for automated monitoring and alerting.

SDV (Software Defined Visibility)

A method of sanitizing a drive using the ATA command set.

SE (Secure Erase)

Since version 4.3, Android has been based on Security-Enhanced Linux, enabling granular permissions for apps, container isolation, and storage segmentation.

SEAndroid (Security-Enhanced Android)

A computing method that enables clients to take advantage of information, software, infrastructure, and processes provided by a cloud vendor in the specific area of computer security.

SECaaS (Security as a Service)

A UEFI feature that prevents unwanted processes from executing during the boot operation.

Secure boot

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

Security control

A disk drive where the controller can automatically encrypt data that is written to it.

SED (Self-Encrypting Drive)

A portion of a network where all attached hosts can communicate freely with one another.

Segment

A mechanism to account for unexpected error conditions that might arise during code execution. Effective error handling reduces the chances that a program could be exploited

SEH (Structured Exception Handler)

A digital certificate that has been signed by the entity that issued it, rather than by a CA.

Self-signed certificate

Devising an AI/ML algorithm that can describe or classify the intention expressed in natural language statements.

Sentiment Analysis

A concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

Separation of Duties

A digital certificate that guarantees the identity of e-commerce sites and other websites that gather and store confidential information.

Server Certificate

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.

Serverless

In a web application, input data that is executed or validated as part of a script or process running on the server.

Server-Side

A host or network account that is designed to run a background service, rather than to log on interactively.

Service account

A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question. Also known as source IP affinity.

Session Affinity

A type of spoofing attack where the attacker disconnects a host then replaces it with his or her own machine, spoofing the original host's IP address. sflow Web standard for using sampling to record network traffic statistics.

Session Hijacking

A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.

SFTP (Secure File Transfer Protocol)

A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.

SHA (Secure Hash Algorithm)

Computer hardware, software, or services used on a private network without authorization from the system owner.

Shadow IT

An account with no credential (guest) or one where the credential is known to multiple persons.

Shared account

Lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.

Shellcode

The process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.

Shimming

A social engineering tactic to obtain someone's password or PIN by observing him or her as he or she types it in.

Shoulder surfing

The value assigned to an account by Windows and that is used by the operating system to identify that account.

SID (Security Identifier)

A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

SIEM (Security Information and Event Management)

A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.

Signature-Based Detection

A small chip card that identifies the user and phone number of a mobile device, via an International Mobile Subscriber Identity (ISMI).

SIM (Subscriber Identity Module)

A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis.

Sinkhole

Used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/ video), and session management and termination.

SIP (Session Initiation Protocol)

Operating procedures and standards for a service contract.

SLA (Service Level Agreement)

The amount that would be lost in a single occurrence of a particular risk factor.

SLE (Single Loss Expectancy)

A device similar to a credit card that can store authentication information, such as a user's private key, on an embedded microchip.

Smart card

A utility meter that can submit readings to the supplier without user intervention.

Smart meter

A form of phishing that uses SMS text messages to trick a victim into revealing information.

SMiShing

Software utility designed for penetration testing reporting and evidence gathering that can also run automated test suites.

sn1per

Protocol for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

SNMP (Simple Network Management Protocol)

A software architecture where components of the solution are conceived as loosely coupled services not dependent on a single platform type or technology.

SOA (service-oriented architecture)

An XML-based web services protocol that is used to exchange messages.

SOAP (Simple Object Access Protocol)

A class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.

SOAR (Security Orchestration, Automation, and Response)

A processor that integrates the platform functionality of multiple logical controllers onto a single chip.

SoC (System-on-Chip)

An email-based or web-based form of phishing which targets specific individuals.

Spear phishing

A spam attack that is propagated through instant messaging rather than email.

SPIM (Spam Over Internet Messaging)

VPN configuration where only traffic for the private network is routed via the VPN gateway.

Split tunnel

A component or system that would cause a complete interruption of a service if it failed.

SPoF (Single Point of Failure)

An attack that injects a database query into the input data directed at a server by accessing the client side of the application.

SQL injection (Structured Query Language Injection)

Audit specifications designed to ensure that cloud/hosting providers meet professional standards. A SOC2 Type II report is created for a restricted audience, while SOC3 reports are provided for general consumption.

SSAE SOC (Statements on Standards for Attestation Engagements Service Organization Control)

A remote administration and file-copy program that supports VPNs by using port forwarding, and that runs on TCP port 22.

SSH (Secure Shell)

A character string that identifies a particular wireless LAN (WLAN).

SSID (Service set Identifier)

An authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

SSO (Single Sign-On)

A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header.

SSTP (Secure Socket Tunneling Protocol)

Applying consistent names and labels to assets and digital resources/identities within a configuration management system.

Standard Naming Convention

Mechanism used to mitigate performance and privacy issues when requesting certificate status from an OCSP (Online Certificate Status Protocol) responder

Stapling

A type of threat actor that is supported by the resources of its host country's military and security services. Also known as nation state actor.

State actor

Information about sessions between hosts that is gathered by a stateful firewall.

State table

A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter and more security.

Stateful inspection

A technique for obscuring the presence of a message, often by embedding information within a file or other entity.

Steganography

A framework for analyzing cybersecurity incidents.

STIX (Structured Threat Information eXpression)

One of a set of pre-compiled database statements that can be used to validate input to a database.

Stored Procedure

A switching protocol that prevents network loops by dynamically disabling links as needed.

STP (Spanning Tree Protocol)

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

Stream Cipher

A software testing method that evaluates how software performs under extreme load.

Stress Test

In EAP architecture, the device requesting access to the network. What is the Extensible Authentication Protocol? The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet. EAP is used on encrypted networks to provide a secure way to send identifying information to provide network authentication. It supports various authentication methods, including as token cards, smart cards, certificates, one-time passwords and public key encryption.

Supplicant

An appliance or proxy server that mediates client connections with the Internet by filtering spam and malware and enforcing access restrictions on types of sites visited, time spent, and bandwidth consumed.

SWG (Secure Web Gateway)

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

Symmetric Encryption

A protocol enabling different appliances and software applications to transmit logs or event records to a central server.

Syslog

An AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

TACACS+ (Terminal Access Controller Access Control System Plus)

Linux utility for showing the last lines in a file.

Tail command

Social engineering technique to gain access to a building by following someone who is unaware of their presence.

Tailgating

A hardware device inserted into a cable to copy frames for analysis.

TAP (Test Access Port)

Tape media provides robust, high-speed, high-capacity backup storage. Tape drives and autoloader libraries can be connected to the SATA and SAS buses or accessed via a SAN.

Tape

A command-line packet sniffing utility. tcpdump is a packet sniffing and packet analyzing tool for a System Administrator to troubleshoot connectivity issues in Linux. It is used to capture, filter, and analyze network traffic such as TCP/IP packets going through your system. It is many times used as a security tool as well. It saves the captured information in a pcap file, these pcap files can then be opened through Wireshark or through the command tool itself.

Tcpdump Command

A command-line utility that replays packets saved to a file back through a network adapter.

Tcpreplay Command

A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.

Technical Control

Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot). Also known as hotspot.

Tethering

Utility for gathering results from open source intelligence queries.

theHarvester

An access point that requires a wireless controller in order to function.

Thin AP

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

Third-party risks

The person or entity responsible for an event that has been identified as a security incident or as a risk.

Threat actor

Cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring.

Threat hunting

Animated map showing threat sources in near real-time.

Threat Map

Policies or configuration settings that limit a user's access to resources.

Time of Day Restrictions

In forensics, identifying whether a time zone offset has been applied to a file's time stamp.

Time Offset

In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.

Timeline

A mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

TKIP (Temporal Key Integrity Protocol)

A security protocol that uses certificates for authentication and encryption to protect web communication.

TLS (Transport Layer Security)

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.

TOCTTOU (Time of Check to Time of Use)

A physical or virtual item that contains authentication and/or authorization data, commonly used in multifactor authentication.

Token

A de-identification method where a unique token is substituted for real data.

Tokenization

An improvement on HOTP that forces one-time passwords to expire after a short period of time.

TOTP (Time-based One-time Password)

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information. transit gateway In cloud computing, a virtual router deployed to facilitate connections between VPC subnets and VPN gateways.

TPM (Trusted Platform Module)

The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events.

Trend Analysis

A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer. Also known as Trojan.

Trojan

Analysis of historical cyber-attacks and adversary actions.

TTP (Tactics, Techniques, and Procedures)

An attack—also called typosquatting—in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker's website. Also known as URL hijacking.

Typo squatting

A system that can provide automated identification of suspicious activity by user accounts and computer hosts.

UEBA (User and Entity Behavior Analytics)

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

UEM (Unified Endpoint Management)

Hardware plug to prevent malicious data transfer when a device is plugged into a USB charging point.

USB data blocker (Universal Serial Bus Data Blocker)

All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

UTM (Unified Threat Management)

A secure room with walls and gateway hardened against physical assault.

Vault

Programming languages used to implement macros and scripting in Office document automation.

VBA (Visual Basic for Applications)

The user desktop and software applications provisioned as an instance under VDI.

VDE (Virtual Desktop Environment)

A virtualization implementation that separates the personal computing environment from a user's physical computer.

VDI (Virtual Desktop Infrastructure)

Policies and procedures to identify vulnerabilities and ensure security of the supply chain.

Vendor Management

Code designed to infect computer files (or disks) when it is activated.

Virus

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

Vishing

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

VLAN (Virtual Local Area Network)

An attack where malware running in a VM is able to interact directly with the hypervisor or host kernel.

VM Escaping (Virtual Machine Escaping)

Configuration vulnerability where provisioning and deprovisioning of virtual assets is not properly authorized and monitored.

VM sprawl (Virtual Machine Sprawl)

A private network segment made available to a single cloud consumer on a public cloud.

VPC (Virtual Private Cloud)

A secure tunnel created between two endpoints connected via an unsecure network (typically the Internet).

VPN (Virtual Private Network)

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Vulnerability

An evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.

Vulnerability Assessment

A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.

WAF (Web Application Firewall)

The practice of using a Wi-Fi sniffer to detect WLANs and then either making use of them (if they are open/unsecured) or trying to break into them (using WEP and WPA cracking tools).

War Driving

A location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

Warm Site

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

Watering Hole Attack

A legacy mechanism for encrypting data sent over a wireless connection.

WEP (Wired Equivalent Privacy)

An email-based or web-based form of phishing which targets senior executives or wealthy individuals.

Whaling

The Staff administering, evaluating, and supervising a penetration test or incident response exercise.

White Team

A Forensics tool for Windows that allows collection and inspection of binary code in disk and memory images.

WinHex

A type of malware that replicates in system memory and can spread over network connections rather than infecting files.

Worm

Standards for authenticating and encrypting access to Wi-Fi networks. Also known as WPA2, WPA3.

WPA (Wi-Fi Protected Access)

A feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN.

WPS (Wi-Fi Protected Setup)

Expressing the concept that most types of IT requirements can be deployed as a cloud service model.

XaaS (Anything as a Service)

An Attack method where malicious XML is passed as input to exploit a vulnerability in the target app.

XML Injection Attack

An operation that outputs to true only if one input is true and the other input is false.

XOR (Exclusive OR)

A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser. Also known as client-side request forgery or CSRF.

XSRF (Cross-Site Request Forgery)

A malicious script hosted on the attacker's site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser's security model of trusted zones.

XSS (Cross-Site Scripting)

A Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.

Zero Trust Security

A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

Zero-day

A method of sanitizing a drive by setting all bits to zero.

Zero-Fill

Open source protocol used primarily for home automation. ZigBee uses radio frequencies in the 2.4 GHz band and a mesh topology.

ZigBee Low-power wireless communications

Used primarily for home automation. Z-Wave uses radio frequencies in the high 800 to low 900 MHz and a mesh topology.

Z-Wave Low-Power Wireless Communications Protocol

Security Plus Terms Flashcards

(594 cards)