60 Cards in this Set

Knowledge of Cybersecurity Principles used to manage risk related to the use, processing, storage and transmission of information or data.

Confidentiality: The protection of information from unauthorized access or disclosure.

Integrity: The protection of information from unauthorized modification.

Availability: The timely and reliable access to and use of information and systems.

Nonrepudiation: The assurance that a party cannot later deny originating data; provision of proof of the integrity and origin of the data that can be verified by a third party.

Cybersecurity Roles

Board of Directors

Executive Committee

Security Management

Cybersecurity Practitioners

Threat Agents

Corporations

Nation States

Hacktivists

Cyberterrorists

Cybercriminals

Cyberwarriors

Script Kiddies

Online Social Hackers

Employees

Adversarial Threat Process

1. Perform Reconnaissance

2. Create Attack Tools

3. Deliver malicious capabilities

4. Exploit and compromise

5. Conduct an attack

6. Achieve results

7. Maintain a presence or set of capabilities

8. Coordinate a campaign

Attacks that perform reconnaissance

1. Sniffing or scanning the network perimeter

2. Using open source discovery of organizational information

3. Running malware to identify potential targets

Attacks that create attack tools

1. Phishing or spear phishing attacks

2. Crafting counterfeit web sites or certificates

3. Creating and operating false front organizations to inject malicious components into the supply chain.

Attacks that deliver malicious capabilities

1. Introducing malware into organizational information systems.

2. Placing subverted individuals into privileged positions within the organization.

3. Installing sniffers or scanning devices on targeted networks and systems.

4. Inserting tampered hardware or critical components into organizational systems or supply chains.

Attacks that exploit and compromise

1. Split tunneling or gaining physical access to organizational facilities.

2. Exfiltrating data or sensitive information.

3. Exploiting multitenancy in a cloud environment.

4. Launching zero-day exploits.

Attacks that help conduct an attack

1. Communication interception or wireless jamming attacks.

2. Denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.

3. Remote interference with or physical attacks on organizational facilities or infrastructures.

4. Session-hijacking or man-in-the-middle attacks.

Attacks to achieve results

1. Obtaining unauthorized access to systems and/or sensitive information.

2. Degrading organizational services or capabilities.

3. Creating, corrupting or deleting critical data.

Attacks to maintain a presence or set of capabilities

1. Obfuscating adversary actions or interfering with intrusion detection systems (IDSs).

2. Adapting cyberattacks in response to organizational security measures.

Attacks to coordinate a campaign

1. Multi-staged attacks

2. Internal and external attacks

3. Widespread and adaptive attacks

Cybersecurity Controls

1. Identity Management

2. Provisioning and Deprovisioning

3. Authorization

4. Access Control Lists

5. Access Lists

6. Privileged User Management

7. Change Management

8. Configuration Management

9. Patch Management

Viruses

It is a piece of code that can replicate itself and spread from one computer to another. It requires intervention or execution to replicate and/or cause damage.

Network worm

A variant of the computer virus, which is essentially a piece of self-replicating code designed to spread itself across computer networks. It does not require intervention or execution to replicate.

Trojan horses

A further category of malware; which is a piece of malware that gains access to a targeted system by hiding within a genuine application. Trojan horses are often broken down into categories reflecting their purposes.

Botnets

It (a term derived from "robot network") is a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as denial-of-service (DoS).

Spyware

A class of malware that gathers information about a person or organization without the knowledge of that person or organization.

Adware

Designed to present advertisements (generally unwanted) to users.

Ransomware

A class of extortive malware that locks or encrypts data or functions and demands a payment to unlock them.

Keylogger

A class of malware that secretly records user keystrokes and, in some cases, screen content.

Rootkit

A class of malware that hides the existence of other malware by modifying the underlying operating system.

Advanced persistent threats

Complex and coordinated attacks directed at a specific entity or organization. They require an enormous amount of research and time, often taking months or even years to fully execute.

Backdoor

A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.

Brute force attack

An attack made by trying all possible combinations of passwords or encryption keys until the correct one is found.

Buffer overflow

Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code crafted by the attacker.

Cross-site scripting (XSS)

A type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Denial-of-service (DoS) attack

An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.

Man-in-the-middle attack

An attack strategy in which the attacker intercepts the communication stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication.

Social engineering

Any attempt to exploit social vulnerabilities to gain access to information and/or systems. It involves a "con game" that tricks others into divulging information or opening malicious software or programs.

Phishing

A type of electronic mail (email) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.

Spear phishing

An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from the victim.

Spoofing

Faking the sending address of a transmission in order to gain illegal entry into a secure system.

Structured Query Language (SQL) injection

According to MITRE, SQL injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design.

Zero-day exploit

A vulnerability that is exploited before the software creator/vendor is even aware of its existence.

Security Management - Identify

Use organizational understanding to minimize risk to systems, assets, data and capabilities.

Security Management - Protect

Design safeguards to limit the impact of potential events on critical services and infrastructure.

Security Management - Detect

Implement activities to identify the occurrence of a cybersecurity event.

Security Management - Respond

Take appropriate action after learning of a security event.

Security Management - Recover

Plan for resilience and the timely repair of compromised capabilities and services.

Risk

The combination of the probability of an event and its consequences.

Threat

Anything that is capable of acting against an asset in a manner that can result in harm.

Asset

Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation.

Vulnerability

A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events.

Residual risk

Even after safeguards are in place, there will always be residual risk, defined as the remaining risk after management has implemented a risk response.

Inherent risk

The risk level or exposure without taking into account the actions that management has taken or might take (e.g. implementing controls)

Policies

Communicate required and prohibited activities and behaviors

Standards

Interpret policies in specific situations

Procedures

Provide details on how to comply with policies and standards.

Guidelines

Provide general guidance on issues such as "what to do in particular circumstances". These are not requirements to be met, but are strongly recommended.

Identity Management

Focuses on streamlining various business processes needed to manage all forms of identities in an organization.

User provisioning

Part of the organization's hiring process where user accounts are created; passwords and access control rights are generally assigned based on the job duties of the user

User deprovisioning

All accounts and accesses must be suspended or deleted in a timely manner

Authorization

Access control requires that the system be able to identify and differentiate among users.

Access Control Lists (ACLs)

A register of users (including groups, machines and processes) who have permission to use a particular system resource.

Access List

Filter traffic at router interfaces based on specified criteria, thus affording basic network security.

Privileged User Management

Permits authorized users to maintain and protect systems and networks.

Change Management

Ensure that changes to processes, systems, software, applications, platforms and configuration are introduced in an orderly, controlled manner.

Configuration Management

Maintaining the security configurations of network devices, systems, applications, and other IT resources is critically important to ensure security controls are properly installed and maintained.

Patch Management

The management of patches to solve software programming errors.