The CIA triad names the three core goals of information security: confidentiality, integrity, and availability.
A firewall is a network security control that permits or blocks traffic according to a configured rule set.
Encryption transforms plaintext into ciphertext so that it cannot be read without the corresponding key.
Defense in depth layers multiple independent security controls so that the failure of any single control does not expose the whole system.
Social engineering manipulates people, rather than systems, into divulging confidential information or performing unsafe actions.
Patching fixes known vulnerabilities in software; unpatched, publicly known flaws are among the most common entry points for attackers.
A zero-day vulnerability is a flaw that attackers exploit before the vendor has released a fix, and often before the vendor knows the flaw exists.
Key management covers generating, storing, distributing, rotating, and revoking cryptographic keys; weak key handling undermines otherwise strong encryption.
A honeypot is a decoy system designed to attract attackers so that their tools and techniques can be observed safely.
Phishing is a social engineering attack in which fraudulent messages, most often email, trick recipients into revealing credentials or running malicious content.
Logging and monitoring are essential for detecting security incidents and for reconstructing what happened during response.
Penetration testing assesses a system's security through authorized, simulated attacks, so that vulnerabilities are found and fixed before real attackers exploit them.
A DMZ is a network segment that hosts externally facing services between the internet and the internal network, so that compromising one of those services does not give direct access to internal systems.
An incident response plan defines how to detect, contain, eradicate, and recover from security incidents, and who is responsible for each step.
Malware is malicious software that harms computer systems; viruses, worms, ransomware, and spyware are common classes.
A VPN encrypts traffic carried over untrusted networks, protecting its confidentiality and integrity in transit.
A password policy sets requirements for password strength; current guidance (NIST SP 800-63B) favors length and screening against known-breached passwords over mandatory periodic changes, which should instead be triggered by evidence of compromise.
Security through obscurity relies on keeping a system's design or implementation secret as the primary defense; it is weak because such secrets leak, and it must never be the sole protection.
A Security Information and Event Management (SIEM) system collects and correlates security events from many sources to support monitoring, alerting, and investigation.
Biometric authentication verifies identity using physical or behavioral characteristics such as fingerprints or typing patterns; unlike a password, a biometric cannot be changed once compromised.
A sandbox is an isolated environment for running and analyzing potentially malicious code without risk to the host.
User awareness training reduces the likelihood that staff fall for social engineering attacks.
Secure coding practices prevent common vulnerability classes (injection, memory corruption, broken authentication) at the source rather than patching them afterwards.
A security policy establishes the rules and responsibilities for protecting an organization's information assets.
Two-factor authentication requires two different kinds of evidence: something you know (a password), something you have (a token or phone), or something you are (a biometric). Two passwords are not two factors.
Public Key Infrastructure (PKI) manages keys and digital certificates so that parties can authenticate each other and communicate securely.
A security risk assessment identifies an organization's assets, threats, and vulnerabilities and evaluates the likelihood and impact of each resulting risk.
A rootkit is malware that conceals its own presence and maintains privileged access, typically by subverting the operating system or the tools used to inspect it.
Zero trust architecture grants no implicit trust based on network location; every request from every user and device is authenticated and authorized.
A digital certificate binds a public key to an identity and is signed by a certificate authority, so that peers can verify whom they are communicating with.
Symmetric encryption uses one shared key for both encryption and decryption; asymmetric encryption uses a key pair, with the public key used to encrypt or verify and the private key used to decrypt or sign.
A security incident is an event that violates security policy or threatens an asset; a security breach is an incident in which unauthorized access to or disclosure of sensitive data is confirmed.
A certificate authority (CA) issues digital certificates after verifying the identity of the requesting individual, organization, or website.
A buffer overflow occurs when a program writes more data into a buffer than it can hold, overwriting adjacent memory; attackers exploit this to corrupt control data and execute code of their choosing.
A firewall blocks traffic that violates its rules; an intrusion detection system (IDS) monitors traffic for signs of attack and raises alerts, while an intrusion prevention system (IPS) can additionally block the traffic it detects.
Security by Design builds security into the design and development of systems and applications from the outset, which is far cheaper and more reliable than retrofitting controls later.
Distributed ledger technology such as blockchain provides tamper-evident integrity: each block includes the hash of the previous one, so altering history requires rewriting the chain and defeating the network's consensus. It does not by itself provide confidentiality.
A malicious insider misuses legitimate access and privileges to intentionally harm the organization, for example by stealing data or assisting external attackers.
The Chief Information Security Officer (CISO) is responsible for the organization's information security strategy, its security programs, and compliance with security policies and regulations.
The principle of least privilege: users and processes receive only the minimum access needed for their tasks, which limits what a compromise of any one of them can reach.
The OWASP Top 10, published by the Open Web Application Security Project, lists the most critical categories of security risk for web applications.
A security event is any observable occurrence in a system or network; a security incident is an event, or set of events, that actually violates security policy or compromises a system.
A data breach is unauthorized access to, disclosure of, or loss of sensitive data; a cyber attack is any malicious action against systems, which may or may not result in a breach.
The least common mechanism principle (Saltzer and Schroeder) says to minimize the mechanisms shared among users, because every shared mechanism is a potential channel through which one user can affect another.
A rainbow table attack cracks hashed passwords using precomputed hash-to-plaintext tables; it works only against unsalted hashes, which is why each password must be hashed with a unique salt using a deliberately slow function.
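As an added example (not part of the original list), the following puts the attacker's precomputed table beside the defender's salted, slow hash. It uses a plain hash-to-plaintext dictionary rather than true rainbow chains (which trade lookup time for table size but crack the same hashes), a constructed five-word wordlist, and PBKDF2-HMAC-SHA256 from the standard library; the function names and the iteration count are this example's own choices.

```python
# Added example: why a precomputed table cracks unsalted hashes and why a per-user salt
# plus a slow KDF defeats it. The wordlist and passwords are constructed for the demo.
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "hunter2", "qwerty", "123456"]  # constructed "dictionary"
PBKDF2_ITERATIONS = 200_000  # demo value; follow OWASP's current recommendation in production


def unsalted_sha256(password: str) -> str:
    """The weak scheme: the same password gives the same digest for every user and every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Attacker side: hash the wordlist once, then reuse the table against every dump.
    A true rainbow table compresses this with hash/reduce chains; the attack is the same."""
    return {unsalted_sha256(w): w for w in words}


def crack(table, digest: str):
    """Constant-time-per-hash lookup: the plaintext if the digest was precomputed, else None."""
    return table.get(digest)


def hash_password(password: str, salt=None):
    """Defender side: a random 16-byte salt per password and a slow PBKDF2-HMAC-SHA256 derivation.
    The salt is stored alongside the derived key; it is not secret, only unique."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, dk


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted hunter2 cracks to:", crack(table, unsalted_sha256("hunter2")))
    salt, dk = hash_password("hunter2")
    print("salted hunter2 cracks to:", crack(table, dk.hex()))
    print("verify ok:", verify_password("hunter2", salt, dk))
```

The salt does not make a weak password strong: "hunter2" is still guessable by brute force against its own salted hash. What the salt removes is the attacker's ability to do that work once and reuse it against every account, and the slow KDF makes each remaining guess expensive.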
In a DoS attack a single source overwhelms a target's resources; in a DDoS attack many compromised devices (a botnet) coordinated by the attacker flood the target at once, which makes blocking by source much harder.
Anomaly detection identifies deviations from an established baseline of normal behavior in a system or network, flagging activity that may indicate a compromise.
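As an added example (not part of the original list), the following runs a simple baseline-and-deviation detector over constructed authentication logs: it parses the lines, counts failed logins per user, and compares today's count with each user's own seven-day history. The log format, usernames, addresses, baseline numbers and the three finding types are all this example's own constructions.

```python
# Added example: baseline-and-deviation anomaly detection over constructed authentication logs.
# Log format, usernames, addresses and baseline counts are all made up for the demo.
import re
from collections import Counter
from statistics import mean, pstdev

LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\w+) event=(?P<event>\w+) src=(?P<src>[\d.]+)$")

# Failed-login counts per user over the previous seven days (constructed baseline).
BASELINE = {
    "alice": [2, 1, 3, 2, 2, 1, 2],
    "bob": [0, 1, 0, 0, 1, 0, 0],
    "svc_backup": [0, 0, 0, 0, 0, 0, 0],
}

# Today's log lines (constructed). bob's twelve failures, the service account's single
# failure and the never-seen user are what we want surfaced; alice is normal; one line is garbage.
TODAY_LINES = [
    "2024-05-01T08:01:02Z user=alice event=login_failed src=10.0.0.5",
    "2024-05-01T08:01:09Z user=alice event=login_ok src=10.0.0.5",
    "2024-05-01T02:10:00Z user=svc_backup event=login_failed src=203.0.113.9",
    "this line is not in the expected format",
    "2024-05-01T11:00:00Z user=mallory event=login_failed src=198.51.100.44",
] + [
    f"2024-05-01T09:{i:02d}:00Z user=bob event=login_failed src=198.51.100.23" for i in range(12)
]


def failed_logins_per_user(lines):
    """Parse the lines, skip malformed ones, and count login_failed events per user."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("event") == "login_failed":
            counts[m.group("user")] += 1
    return counts


def z_score(history, observed, sigma_floor=1.0):
    """Standard deviations above the user's own baseline. The floor stops a flat history
    (standard deviation 0) from turning every tiny fluctuation into an alert."""
    sigma = max(pstdev(history), sigma_floor)
    return (observed - mean(history)) / sigma


def detect_anomalies(baseline, today_counts, threshold=3.0):
    """Return {user: reason} for users whose failed-login activity departs from their baseline."""
    findings = {}
    for user, count in today_counts.items():
        history = baseline.get(user)
        if history is None:
            findings[user] = "no_baseline"          # never seen before: there is no "normal" yet
        elif max(history) == 0 and count > 0:
            findings[user] = "first_seen_failure"   # flat-zero history: any failure is new behaviour
        elif z_score(history, count) > threshold:
            findings[user] = "volume_spike"
    return findings


if __name__ == "__main__":
    counts = failed_logins_per_user(TODAY_LINES)
    for user, reason in sorted(detect_anomalies(BASELINE, counts).items()):
        print(f"{user}: {reason} (failed logins today: {counts[user]})")
```

Per-user baselines matter: alice's single failure is unremarkable for her, while the same count for a service account that has never failed a login is worth a look. The threshold and the standard-deviation floor are tuning knobs; set them too low and the SIEM drowns in alerts, too high and a slow password spray stays under the line.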