Google CyberSecurity
Definitions for cybersecurity based on the Google course
| Term | Definition |
|---|---|
| Adversarial artificial intelligence (AI) | A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently |
| Antivirus software | A software program used to prevent, detect, and eliminate malware and viruses |
| Asset | An item perceived as having value to an organization |
| Authentication | The process of verifying who someone is |
| Availability | The idea that data is accessible to those who are authorized to access it |
| Business Email Compromise (BEC) | A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage |
| Cloud security | The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users |
| Compliance | The process of adhering to internal standards and external regulations |
| Computer virus | Malicious code written to interfere with computer operations and cause damage to data and software |
| Confidentiality | Only authorized users can access specific assets or data |
| Confidentiality, integrity, availability (CIA) triad | A model that helps inform how organizations consider risk when setting up systems and security policies |
| Cryptographic attack | An attack that affects secure forms of communication between a sender and intended recipient |
| Cybersecurity (or security) | The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation |
| Database | An organized collection of information or data |
| Data point | A specific piece of information |
| Hacker | Any person or group who uses computers to gain unauthorized access to data |
| Hacktivist | A person who uses hacking to achieve a political goal |
| Health Insurance Portability and Accountability Act (HIPAA) | A U.S. federal law established to protect patients’ health information |
| Integrity | The idea that the data is correct, authentic, and reliable |
| Internal threat | A current or former employee, external vendor, or trusted partner who poses a security risk |
| Intrusion detection system (IDS) | An application that monitors system activity and alerts on possible intrusions |
| Linux | An open-source operating system |
| Log | A record of events that occur within an organization’s systems |
| Malware | Software designed to harm devices or networks |
| National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) | A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk |
| Network protocol analyzer (packet sniffer) | A tool designed to capture and analyze data traffic within a network |
| Network security | The practice of keeping an organization's network infrastructure secure from unauthorized access |
| Open Web Application Security Project (OWASP) | A non-profit organization focused on improving software security |
| Order of volatility | A sequence outlining the order of data that must be preserved from first to last |
| Password attack | An attempt to access password-secured devices, systems, networks, or data |
| Personally identifiable information (PII) | Any information used to infer an individual’s identity |
| Phishing | The use of digital communications to trick people into revealing sensitive data or deploying malicious software |
| Physical attack | A security incident that affects not only digital but also physical environments where the incident is deployed |
| Physical social engineering | An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location |
| Privacy protection | The act of safeguarding personal information from unauthorized use |
| Programming | A process that can be used to create a specific set of instructions for a computer to execute tasks |
| Protected health information (PHI) | Information that relates to the past, present, or future physical or mental health or condition of an individual |
| Protecting and preserving evidence | The process of properly working with fragile and volatile digital evidence |
| Security architecture | A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats |
| Security controls | Safeguards designed to reduce specific security risks |
| Security ethics | Guidelines for making appropriate decisions as a security professional |
| Security frameworks | Guidelines used for building plans to help mitigate risk and threats to data and privacy |
| Security governance | Practices that help support, define, and direct security efforts of an organization |
| Security information and event management (SIEM) | An application that collects and analyzes log data to monitor critical activities in an organization |
| Security posture | An organization’s ability to manage its defense of critical assets and data and react to change |
| Sensitive personally identifiable information (SPII) | A specific type of PII that falls under stricter handling guidelines |
| Social engineering | A manipulation technique that exploits human error to gain private information, access, or valuables |
| Social media phishing | A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack |
| Spear phishing | A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source |
| SQL (Structured Query Language) | A programming language used to create, interact with, and request information from a database |
| Supply-chain attack | An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed |
| Technical skills | Skills that require knowledge of specific tools, procedures, and policies |
| Threat | Any circumstance or event that can negatively impact assets |
| Threat actor | Any person or group who presents a security risk |
| Transferable skills | Skills from other areas that can apply to different careers |
| USB baiting | An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network |
| Virus | Refer to “computer virus” |
| Vishing | The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source |
| Watering hole attack | A type of attack when a threat actor compromises a website frequently visited by a specific group of users |
| Assess | The fifth step of the NIST RMF that means to determine if established controls are implemented correctly |
| Attack vectors | The pathways attackers use to penetrate security defenses |
| Authorization | The concept of granting access to specific resources in a system |
| Authorize | The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization |
| Biometrics | The unique physical characteristics that can be used to verify a person’s identity |
| Business continuity | An organization's ability to maintain its everyday productivity by establishing risk disaster recovery plans |
| Categorize | The second step of the NIST RMF that is used to develop risk management processes and tasks |
| Chronicle | A cloud-native tool designed to retain, analyze, and search data |
| Detect | A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections |
| Encryption | The process of converting data from a readable format to an encoded format |
| External threat | Anything outside the organization that has the potential to harm organizational assets |
| Identify | A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets |
| Implement | The fourth step of the NIST RMF that means to implement security and privacy plans for an organization |
| Incident response | An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach |
| Metrics | Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application |
| Monitor | The seventh step of the NIST RMF that means be aware of how systems are operating |
| Open Web Application Security Project/Open Worldwide Application Security Project (OWASP) | A non-profit organization focused on improving software security |
| Playbook | A manual that provides details about any operational action |
| Prepare | The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs |
| Protect | A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats |
| Ransomware | A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access |
| Recover | A NIST core function related to returning affected systems back to normal operation |
| Respond | A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process |
| Risk | Anything that can impact the confidentiality, integrity, or availability of an asset |
| Risk mitigation | The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach |
| Security audit | A review of an organization's security controls, policies, and procedures against a set of expectations |
| Security orchestration, automation, and response (SOAR) | A collection of applications, tools, and workflows that use automation to respond to security events |
| Select | The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization |
| Shared responsibility | The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security |
| Splunk Cloud | A cloud-hosted tool used to collect, search, and monitor log data |
| Splunk Enterprise | A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time |
| Active packet sniffing | A type of attack where data packets are manipulated in transit |
| Address Resolution Protocol (ARP) | Used to determine the MAC address of the next router or device to traverse |
| Bandwidth | The maximum data transmission capacity over a network, measured by bits per second |
| Baseline configuration | A documented set of specifications within a system that is used as a basis for future builds, releases, and updates |
| Botnet | A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot herder” |
| Cloud-based firewalls | Software firewalls that are hosted by the cloud service provider |
| Cloud computing | The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices |
| Cloud network | A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet |
| Controlled zone | A subnet that protects the internal network from the uncontrolled zone |
| Data packet | A basic unit of information that travels from one device to another within a network |
| Denial of service (DoS) attack | An attack that targets a network or server and floods it with network traffic |
| Distributed denial of service (DDoS) attack | A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic |
| Domain Name System (DNS) | A networking protocol that translates internet domain names into IP addresses |
| Encapsulation | A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets |
| File Transfer Protocol (FTP) | Used to transfer files from one device to another over a network |
| Firewall | A network security device that monitors traffic to or from your network |
| Forward proxy server | A server that regulates and restricts a person’s access to the internet |
| Hub | A network device that broadcasts information to every device on the network |
| Hypertext Transfer Protocol (HTTP) | An application layer protocol that provides a method of communication between clients and website servers |
| Hypertext Transfer Protocol Secure (HTTPS) | A network protocol that provides a secure method of communication between clients and web servers |
| Identity and access management (IAM) | A collection of processes and technologies that helps organizations manage digital identities in their environment |
| IEEE 802.11 (Wi-Fi) | A set of standards that define communication for wireless LANs |
| Internet Control Message Protocol (ICMP) | An internet protocol used by devices to tell each other about data transmission errors across the network |
| Internet Control Message Protocol (ICMP) flood | A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server |
| Internet Protocol (IP) | A set of standards used for routing and addressing data packets as they travel between devices on a network |
| Internet Protocol (IP) address | A unique string of characters that identifies the location of a device on the internet |
| IP spoofing | A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network |
| Media Access Control (MAC) address | A unique alphanumeric identifier that is assigned to each physical device on a network |
| Multi-factor authentication (MFA) | A security measure that requires a user to verify their identity in two or more ways to access a system or network |
| Network log analysis | The process of examining network logs to identify events of interest |
| Network protocols | A set of rules used by two or more devices on a network to describe the order of delivery of data and the structure of data |
| Network segmentation | A security technique that divides the network into segments |
| Open systems interconnection (OSI) model | A standardized concept that describes the seven layers computers use to communicate and send data over the network |
| On-path attack | An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit |
| Packet sniffing | The practice of capturing and inspecting data packets across a network |
| Penetration testing | A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes |
| Ping of death | A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64 KB |
| Port | A software-based location that organizes the sending and receiving of data between devices on a network |
| Port filtering | A firewall function that blocks or allows certain port numbers to limit unwanted communication |
| Proxy server | A server that fulfills the requests of its clients by forwarding them to other servers |
| Replay attack | A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time |
| Reverse proxy server | A server that regulates and restricts the Internet's access to an internal server |
| Router | A network device that connects multiple networks together |
| Secure File Transfer Protocol (SFTP) | A secure protocol used to transfer files from one device to another over a network |
| Secure shell (SSH) | A security protocol used to create a shell with a remote system |
| Security hardening | The process of strengthening a system to reduce its vulnerabilities and attack surface |
| Security information and event management (SIEM) | An application that collects and analyzes log data to monitor critical activities for an organization |
| Security zone | A segment of a company’s network that protects the internal network from the internet |
| Simple Network Management Protocol (SNMP) | A network protocol used for monitoring and managing devices on a network |
| Smurf attack | A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets |
| Stateless | A class of firewall that operates based on predefined rules and that does not keep track of information from data packets |
| Stateful | A class of firewall that keeps track of information passing through it and proactively filters out threats |
| Subnetting | The subdivision of a network into logical groups called subnets |
| Switch | A device that makes connections between specific devices on a network by sending and receiving data between them |
| Synchronize (SYN) flood attack | A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets |
| TCP/IP model | A framework used to visualize how data is organized and transmitted across a network |
| Transmission Control Protocol (TCP) | An internet communication protocol that allows two devices to form a connection and stream data |
| Transmission control protocol (TCP) 3-way handshake | A three-step process used to establish an authenticated connection between two devices on a network |
| User Datagram Protocol (UDP) | A connectionless protocol that does not establish a connection between devices before transmissions |
| Virtual Private Network (VPN) | A network security service that changes your public IP address and masks your virtual location so that you can keep your data private when you are using a public network like the internet |
| Wide Area Network (WAN) | A network that spans a large geographic area like a city, state, or country |
| Wi-Fi Protected Access (WPA) | A wireless security protocol for devices to connect to the internet |
| Principle of least privilege | The concept of granting only the minimal access and authorization required to complete a task or function |
| Anomaly-based analysis | A detection method that identifies abnormal behavior |
| Broken chain of custody | Inconsistencies in the collection and logging of evidence in the chain of custody |
| Business continuity plan (BCP) | A document that outlines the procedures to sustain business operations during and after a significant disruption |
| Chain of custody | The process of documenting evidence possession and control during an incident lifecycle |
| Command and control (C2) | The techniques used by malicious actors to maintain communications with compromised systems |
| Common Event Format (CEF) | A log format that uses key-value pairs to structure data and identify fields and their corresponding values |
| Computer security incident response teams (CSIRT) | A specialized group of security professionals that are trained in incident management and response |
| Containment | The act of limiting and preventing additional damage caused by an incident |
| Crowdsourcing | The practice of gathering information using public collaboration |
| Data exfiltration | Unauthorized transmission of data from a system |
| Detection | The prompt discovery of security events |
| Endpoint detection and response (EDR) | An application that monitors an endpoint for malicious activity |
| Eradication | The complete removal of the incident elements from all affected systems |
| Event | An observable occurrence on a network, system, or device |
| False negative | A state where the presence of a threat is not detected |
| False positive | An alert that incorrectly detects the presence of a threat |
| Honeypot | A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders |
| Host-based intrusion detection system (HIDS) | An application that monitors the activity of the host on which it’s installed |
| Incident | An occurrence that jeopardizes, without lawful authority, the CIA of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies |
| Incident handler’s journal | A form of documentation used in incident response |
| Incident response plan | A document that outlines the procedures to take in each step of incident response |
| Indicators of attack (IoA) | The series of observed events that indicate a real-time incident |
| Indicators of compromise (IoC) | Observable evidence that suggests signs of a potential security incident |
| Intrusion prevention system (IPS) | An application that monitors system activity for intrusive activity and takes action to stop the activity |
| Lessons learned meeting | A meeting that includes all involved parties after a major incident |
| National Institute of Standards and Technology (NIST) Incident Response Lifecycle | A framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-incident Activity |
| Network-based intrusion detection system (NIDS) | An application that collects and monitors network traffic and network data |
| Network Interface Card (NIC) | Hardware that connects computers to a network |
| Open-source intelligence (OSINT) | The collection and analysis of information from publicly available sources to generate usable intelligence |
| Packet capture (p-cap) | A file containing data packets intercepted from an interface or network |
| Recovery | The process of returning affected systems back to normal operations |
| Resilience | The ability to prepare for, respond to, and recover from disruptions |
| Search Processing Language (SPL) | Splunk’s query language |
| Security operations center (SOC) | An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks |
| Signature | A pattern that is associated with malicious activity |
| Signature analysis | A detection method used to find events of interest |
| Suricata | An open-source intrusion detection system and intrusion prevention system |
| tcpdump | A command-line network protocol analyzer |
| Telemetry | The collection and transmission of data for analysis |
| Threat hunting | The proactive search for threats on a network |
| Threat intelligence | Evidence-based threat information that provides context about existing or emerging threats |
| YARA-L | A computer language used to create rules for searching through ingested log data |
| Zero-day | An exploit that was previously unknown |
| Non-repudiation | The concept that authenticity of information can't be denied |
| Data integrity | Relates to the accuracy and consistency of information |