Term
| The Gramm-Leach-Bliley Act (GLBA) |
|
Definition
| The Gramm-Leach-Bliley Act (GLBA) is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information. |
|
|
Term
| The Health Insurance Portability and Accountability Act (HIPAA) |
|
Definition
| The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. |
|
|
Term
|
Definition
| Sarbanes-Oxley (SOX) is a United States federal law that set new or expanded requirements for all US public company boards, management, and public accounting firms. |
|
|
Term
| The Family Educational Rights and Privacy Act (FERPA) |
|
Definition
| The Family Educational Rights and Privacy Act (FERPA) of 1974 is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments. |
|
|
Term
|
Definition
| Direct object references are typically insecure when they do not verify whether a user is authorized to access a specific object. |
|
|
Term
| Security assertions markup language (SAML) |
|
Definition
| Security assertions markup language (SAML) is an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes. SAML is often used in conjunction with SOAP. SAML is a solution for providing single sign-on (SSO) and federated identity management. |
|
|
Term
|
Definition
| It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the SP can trust the identity of a user (the principal) without the user having to authenticate directly with the SP. |
|
|
Term
|
Definition
| SHA-1 creates a 160-bit fixed output. |
|
|
Term
|
Definition
| SHA-2 creates a 256-bit fixed output. |
|
|
Term
|
Definition
| NTLM creates a 128-bit fixed output. |
|
|
Term
|
Definition
| MD5 creates a 128-bit fixed output. |
|
|
Term
|
Definition
| Rapid elasticity describes scalable provisioning, or the capability to provide scalable cloud computing services. Rapid elasticity is critical to meeting the fluctuating demands of cloud users. The downside of rapid elasticity implementations is that they can place significant load on the system because of the high number of resource allocation and deallocation requests. |
|
|
Term
|
Definition
| A system on a chip is an integrated circuit that integrates all or most components of a computer or other electronic system. These components almost always include a central processing unit, memory, input/output ports, and secondary storage – all on a single substrate or microchip, the size of a coin. |
|
|
Term
|
Definition
| RIPEMD creates a 160-bit fixed output. |
|
|
Term
| The benefit of Elliptic curve cryptography (ECC) over non-ECC cryptography |
|
Definition
| An application that can achieve the same level of security provided by non-ECC cryptography while using a shorter key length. For example, an ECC algorithm using a 256-bit key length is just as strong as an RSA or Diffie-Hellman algorithm using a 3072-bit key length. |
|
|
Term
| Elliptic curve cryptography (ECC) |
|
Definition
| Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. |
|
|
Term
|
Definition
| Full packet capture records the complete payload of every packet crossing the network. |
|
|
Term
|
Definition
| Integer overflows and other integer manipulation vulnerabilities frequently result in buffer overflows. An integer overflow occurs when an arithmetic operation produces a number too large to be stored in the space allocated for it. Integers are stored in 32 bits on the x86 architecture; therefore, if an integer operation results in a number greater than 0xffffffff, an integer overflow occurs, as was the case in this example. |
|
|
Term
|
Definition
| SQL injection is an attack that injects a database query into the input data directed at a server by accessing the application's client-side. |
|
|
Term
|
Definition
| Password spraying is a type of brute force attack in which multiple user accounts are tested with a dictionary of common passwords. |
|
|
Term
|
Definition
| A beacon can be sent over numerous protocols, including ICMP, DNS, HTTP, and many others. Unless you specifically knew the protocol being used by the suspected beacon, filtering out beacons by the protocol seen in the logs could lead you to eliminate malicious behavior prematurely. Other factors like the beacon's persistence (whether it remains after a reboot of the system) and the beacon's interval (how much time elapses between beaconing) are much better indicators for fingerprinting a malicious beacon. The removal of known traffic by the script can also minimize the amount of data the cybersecurity analyst needs to analyze, making it easier to detect the malicious beacon without wasting their time reviewing non-malicious traffic. |
|
|
Term
| Randomized one-time use pad |
|
Definition
| The only truly unbreakable encryption is one that uses a one-time use pad. This ensures that every message is encrypted with a different shared key that only the two owners of the one-time use pad would know. This technique ensures that there is no pattern in the key for an attacker to guess or find. Even if one of the messages could be broken, all of the other messages would remain secure since they use different keys to encrypt them. Unfortunately, one-time use pads require that two identical copies of the pad are produced and distributed securely before they can be used. |
|
|
Term
| Segmentation-based containment |
|
Definition
| Segmentation-based containment is a means of achieving the isolation of a host or group of hosts using network technologies and architecture. |
|
|
Term
|
Definition
| IPv6 includes IPSec built into the protocol by default. Additionally, IPv6 also provides an extended IP address range for networks, eliminating the need for using NAT. |
|
|
Term
|
Definition
| A SYN flood is a variant of a Denial of Service (DoS) attack where the attacker initiates multiple TCP sessions but never completes the 3-way handshake. This uses up resources on the server, since it cannot complete the handshake and keeps resources reserved for the attacker’s computer while it awaits the handshake's completion. |
|
|
Term
| Infrastructure as a Service (IaaS) |
|
Definition
| Infrastructure as a Service (IaaS) is focused on moving your servers and computers into the cloud. If you purchase a server in the cloud and then install and manage the operating system and software on it, this is IaaS. |
|
|
Term
| Digital Signature Algorithm (DSA) |
|
Definition
| The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures. The algorithm uses a key pair consisting of a public key and a private key. |
|
|
Term
|
Definition
| AES, RC4, and DES are all symmetric algorithms. |
|
|
Term
|
Definition
| A cognitive password is a form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity. If you post a lot of personal information about yourself online, this type of password can easily be bypassed. For example, during the 2008 elections, Vice Presidential candidate Sarah Palin's email account was hacked because a high schooler used the "reset my password" feature on Yahoo's email service to reset her password using the information that was publicly available about Sarah Palin (like her birthday, high school, and other such information). |
|
|
Term
|
Definition
| A cybersecurity analyst must preserve evidence during the containment, eradication, and recovery phase. They must preserve forensic and incident information for future needs, to prevent future attacks, or to bring criminal charges against an attacker. |
|
|
Term
|
Definition
| The process used to conduct an inventory of critical systems, components, and devices within an organization. |
|
|
Term
|
Definition
| RC4, or Rivest Cipher 4, is a symmetric stream cipher used in WEP and TLS. |
|
|
Term
|
Definition
| AES, Blowfish, and DES are all block ciphers. |
|
|
Term
|
Definition
| OCSP is a protocol used to query a CA about the revocation status of a certificate. |
|
|
Term
|
Definition
| Wildcards are certificates that allow your company unlimited subdomains on a parent domain. |
|
|
Term
| Continuous deployment of software |
|
Definition
| Continuous deployment is a software development method in which app and platform updates are committed to production rapidly. |
|
|
Term
| Continuous delivery of software |
|
Definition
| Continuous delivery is a software development method in which app and platform requirements are frequently tested and validated for immediate availability. |
|
|
Term
| Continuous integration of software |
|
Definition
| Continuous integration is a software development method in which code updates are tested and committed to development or build server/code repositories rapidly. |
|
|
Term
| Sensitive Personal Information (SPI) |
|
Definition
| Information about an individual's race or ethnic origin is classified as Sensitive Personal Information (SPI). Sensitive personal information (SPI) is information about a subject's opinions, beliefs, and nature that is afforded specially protected status by privacy legislation. On its own, it cannot be used to uniquely identify somebody or to make any relevant assertions about their health. |
|
|
Term
| When weak SSLv3.0/TLSv1.0 protocol is used |
|
Definition
| This vulnerability should be categorized as a web application cryptographic vulnerability. This is shown by the weak SSLv3.0/TLSv1.0 protocol being used in cipher block chaining (CBC) mode. Specifically, the use of the 3DES and DES algorithms during negotiation is a significant vulnerability. A stronger protocol should be used, such as forcing the use of AES. |
|
|
Term
|
Definition
| Iris scans rely on the matching of patterns on the surface of the eye using near-infrared imaging, and so are less intrusive than retinal scanning (the subject can continue to wear glasses, for instance) and much quicker. Iris scanners offer a similar level of accuracy to retinal scanners but are much less likely to be affected by diseases. Iris scanning is the technology most likely to be rolled out for high-volume applications, such as airport security. There is a chance that an iris scanner could be fooled by a high-resolution photo of someone's eye. |
|
|
Term
| Context-based authentication |
|
Definition
| Context-based authentication can consider several factors before permitting access to a user, including their location (e.g., country, GPS location, etc.), the time of day, and other key factors to minimize the threat of compromised credentials from being utilized by an attacker. |
|
|
Term
|
Definition
| SQL injection is a code injection technique that is used to attack data-driven applications. SQL injections are conducted by inserting malicious SQL statements into an entry field for execution. For example, an attacker may try to dump the contents of the database by using this technique. A common SQL injection technique is to insert an always true statement, such as 1 == 1, or in this example, 7 == 7. |
|
|
Term
|
Definition
| Header manipulation is the insertion of malicious data, which has not been validated, into an HTTP response header. |
|
|
Term
|
Definition
| XML Injection is an attack technique used to manipulate or compromise an XML application or service's logic. The injection of unintended XML content and/or structures into an XML message can alter the application's intended logic. |
|
|
Term
| Cross-Site Scripting (XSS) |
|
Definition
| Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in a browser-side script, to a different end-user. |
|
|
Term
| Data wiping of a hard drive |
|
Definition
| Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse. |
|
|
Term
|
Definition
| Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. |
|
|
Term
|
Definition
| Purging involves removing sensitive data from a hard drive using the device's own electronics or an outside source (like a degausser). A purged device is generally not reusable. |
|
|
Term
| Shredding of a hard drive |
|
Definition
| Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn’t allow for device reuse. |
|
|
Term
|
Definition
| The Lightweight Directory Access Protocol (LDAP) uses a client-server model for mutual authentication. LDAP is used to enable access to a directory of resources (workstations, users, information, etc.). TLS provides mutual authentication between clients and servers. Since Secure LDAP (LDAPS) uses TLS, it provides mutual authentication. |
|
|
Term
| Discretionary access control (DAC) |
|
Definition
| Discretionary access control (DAC) stresses the importance of the owner. The original creator of the resource is considered the owner and can then assign permissions and ownership to others. The owner has full control over the resource and can modify its ACL to grant rights to others. This is the most flexible model and is currently implemented widely in Windows, Unix, Linux, and macOS systems. |
|
|
Term
| An exact data match (EDM) |
|
Definition
| An exact data match (EDM) is a pattern matching technique that uses a structured database of string values to detect matches. For example, a company might have a list of actual social security numbers of its customers. But, since it is not appropriate to load these numbers into a DLP filter, they could use EDM to match the numbers' fingerprints instead based on their format or sequence. |
|
|
Term
|
Definition
| Document matching attempts to match a whole document or a partial document against a signature in the DLP. |
|
|
Term
|
Definition
| Statistical matching is a further refinement of partial document matching that uses artificial intelligence or machine learning to analyze various data sources. |
|
|
Term
| Classification techniques |
|
Definition
| Classification techniques use a rule based on a confidentiality classification tag or label attached to the data. For example, the military might use a classification based DLP to search for any files labeled as secret or top secret. |
|
|
Term
|
Definition
| A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. To prevent this type of attack, programs should validate the size of the data before writing it to memory, ensuring that it fits into the buffer. |
|
|
Term
| PHI (Protected Health Information) |
|
Definition
| Hospital patient records are most accurately categorized as PHI. |
|
|
Term
| Recovery point objective (RPO) |
|
Definition
| Recovery point objective (RPO) describes a period of time in which an enterprise's operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure. RPO is about how much data you can afford to lose before it impacts business operations. For example, at Dion Training, if 1 hour of data loss occurred, that means that any student progress within the last hour would be lost once the organization restored a server from a known good backup. |
|
|
Term
|
Definition
| A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. The key to answering this question is that they were using passwords from a list. In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. A dictionary attack is a specific form of a brute-force attack that uses a list. |
|
|
Term
| A session hijacking attack |
|
Definition
| A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver. |
|
|
Term
| A man-in-the-middle attack (MITM) |
|
Definition
| A man-in-the-middle attack (MITM), also known as a hijack attack, is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. |
|
|
Term
|
Definition
| The white team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission. |
|
|
Term
| The single loss expectancy (SLE) |
|
Definition
| The single loss expectancy (SLE) is the amount that would be lost in a single occurrence: the asset value (AV) times the risk factor (RF). The annual loss expectancy (ALE) is the total cost of a risk to an organization annually. This is determined by multiplying the SLE by the annual rate of occurrence (ARO). SLE = AV x RF = $120,000 x 0.3 = $36,000. ALE = SLE x ARO = $36,000 x 0.25 = $9,000. |
|
|
Term
| A machine learning (ML) system |
|
Definition
| A machine learning (ML) system uses a computer to accomplish a task without being explicitly programmed. In the context of cybersecurity, ML generally works by analyzing example data sets to create its own ability to classify future items presented. If the system was presented with large datasets of malicious and benign traffic, it will learn which is malicious and categorize future traffic presented to it. |
|
|
Term
|
Definition
| Artificial Intelligence is the science of creating machines to develop problem-solving and analysis strategies without significant human direction or intervention. AI goes beyond ML and can make more complicated decisions than just the classifications made by ML. |
|
|
Term
|
Definition
| A deep learning system can determine what is malicious traffic without having the prior benefit of being told what is benign/malicious. |
|
|
Term
| A generative adversarial network |
|
Definition
| A generative adversarial network is an underlying strategy used to accomplish deep learning. |
|
|
Term
| A directory traversal attack |
|
Definition
| A directory traversal attack aims to access files and directories stored outside the webroot folder. By manipulating variables or URLs that reference files with “dot-dot-slash (../)” sequences and its variations or using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. The example output provided comes from a remote code execution vulnerability being exploited in which a directory traversal is used to access the files. |
|
|
Term
| Desktop as a Service (DaaS) |
|
Definition
| Desktop as a Service (DaaS) provides a full virtualized desktop environment from within a cloud-based service. This is also known as VDI (Virtualized Desktop Infrastructure) and is increasingly common in large enterprise businesses focused on increasing their security and minimizing their operational expenses. Shadow PC (shadow.tech) provides a version of DaaS for home users who want to have a gaming PC without all the upfront costs. |
|
|
Term
| Acceptable use policy/rules of behavior |
|
Definition
| Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access. |
|
|
Term
| Annual loss expectancy (ALE) |
|
Definition
| A calculation used to identify risks and calculate the expected loss each year. |
|
|
Term
| Annualized rate of occurrence (ARO) |
|
Definition
| A calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2. |
|
|
Term
|
Definition
| The assessed value of an item (server, property, and so on) associated with cash flow. |
|
|
Term
|
Definition
| The potential percentage of loss to an asset if a threat is realized. |
|
|
Term
| Interconnection security agreement (ISA) |
|
Definition
| The potential percentage of loss to an asset if a threat is realized. |
|
|
Term
| Business partners agreement (BPA) |
|
Definition
| An agreement between partners in a business that outlines its responsibilities, obligations, and sharing of profits and losses. |
|
|
Term
| Business impact analysis (BIA) |
|
Definition
| A study of the possible impact if a disruption to a business’s vital resources were to occur. |
|
|
Term
| Maximum tolerable downtime (MTD) |
|
Definition
| The maximum period of time that a business process can be down before the survival of the organization is at risk. |
|
|
Term
| Meantime between failures (MTBF) |
|
Definition
| The measurement of the anticipated lifetime of a system or component. |
|
|
Term
| Meantime to failure (MTTF) |
|
Definition
| The measurement of the average of how long it takes a system or component to fail. |
|
|
Term
| Meantime to restore (MTTR) |
|
Definition
| The measurement of how long it takes to repair a system or component once a failure occurs. |
|
|