INFSEC FINALS
REVIEWER
Term | Definition |
---|---|
Cybersecurity | Protection of networked systems and data from unauthorized use or harm. |
Spyware | Malware designed to track and spy on the user without their knowledge. |
Buffer Overflow | A type of security vulnerability where data is written beyond the limits of a buffer. |
Phishing | A type of cyberattack where a malicious party sends fraudulent emails disguised as being from a legitimate source. |
Rootkit | Malware that modifies the operating system to create a backdoor. |
Ransomware | Malware that holds a computer system or data captive until a ransom is paid. |
Black Hat | Hackers who exploit vulnerabilities for illegal, personal, financial, or political gain. |
Social Engineering | Manipulation of individuals into performing actions or divulging confidential information. |
Brute-force attacks | An attack method where the attacker tries numerous possible passwords or encryption keys. |
SYNful Knock | A vulnerability in Cisco IOS that allows attackers to gain control of routers. |
Offline Identity | Your identity that interacts on a regular basis at home, school, or work. |
Online Identity | Your identity while you are in cyberspace, which should only reveal a limited amount of information about you. |
EHR (Electronic Health Records) | Physical, mental, and other personal health information stored electronically. |
Man-in-the-Middle | An attack where the attacker secretly intercepts and possibly alters the communication between two parties. |
Adware | Software that automatically displays or downloads advertising material when a user is online. |
Gray Hat | Hackers who may violate laws or ethical standards but do not have the malicious intent of black hats. |
Script Kiddies | Inexperienced hackers who use existing computer scripts or code to hack into computers. |
Scareware | Malware designed to scare users into buying unnecessary software or providing personal information. |
Authentication | The process of verifying the identity of a user or device. |
Race Condition | A security vulnerability caused by improperly ordered or timed events. |
Confidentiality | Ensuring that information is accessible only to those authorized to have access. |
Trojan Horse | Malware that misleads users of its true intent by disguising itself as a legitimate program. |
Project Zero | An initiative by Google aimed at finding software vulnerabilities. |
Rowhammer | A hardware vulnerability in DRAM where repeated access to a row of memory can cause bit flips in adjacent rows. |
Firewall and Antivirus | Always keep your firewall active and use reputable antivirus software. |
Unique Passwords | Use unique, complex passwords or passphrases for each account. |
Encryption | Encrypt sensitive data to protect it from unauthorized access. |
Backup | Regularly back up your data to prevent loss. |
Privacy | Be cautious about the information shared on social media and use private browsing modes. |
Two-Factor Authentication | Use two-factor authentication for added security. |
Organizational Security | Implement comprehensive security policies, conduct regular employee training, and ensure both digital and physical security measures are in place. |
Overview of Protecting Your Data - Protecting Devices from Threats | Keep your firewall on to prevent unauthorized access. Use antivirus and antispyware software; download only from trusted websites. Regularly update your operating system and browser. |
Overview of Protecting Your Data - Managing Operating Systems and Browsers | Set security settings to medium or higher. Install the latest patches and security updates. |
Using Wireless Networks Safely - Home Wireless Network | Change default SSID and administrative password. Disable SSID broadcast and use WPA2 encryption. Be aware of WPA2 protocol security flaws (e.g., KRACK attack). |
Using Wireless Networks Safely - Public Wi-Fi Hotspots | Avoid sending sensitive information. Use a VPN to prevent eavesdropping. Turn off Bluetooth when not in use. |
Passwords and Passphrases - Passwords and Passphrases | Avoid dictionary words, names, and common misspellings. Use special characters and a minimum of ten characters. Use password managers for convenience. |
Passwords and Passphrases - Passphrases | Create meaningful statements with special characters. Follow NIST guidelines: minimum 8 characters, no common passwords, allow all characters, and no password hints. |
Data Maintenance - Encrypting Your Data | Use encryption to protect data from unauthorized access. Understand encryption as converting information into an unreadable format without a key. |
Data Maintenance - Backing Up Your Data | Regularly and automatically back up data. Use local backups (e.g., NAS, external hard drives) or cloud storage services. |
Data Maintenance - Deleting Data Permanently | Use tools to delete data securely. Destroy storage devices to ensure data is unrecoverable. |
Safeguarding Online Privacy - Strong Authentication | Implement two-factor authentication using physical objects or biometric scans. Utilize OAuth 2.0 for secure access to third-party applications without exposing passwords. |
Safeguarding Online Privacy - Sharing Information on Social Media | Minimize sharing personal information (e.g., birth date, email, phone number). Regularly check and adjust social media privacy settings. |
Safeguarding Online Privacy - Email and Web Browser Privacy | Understand email is not secure and can be read by multiple parties. Use private browsing modes to protect online activities. |
Overview of Organizational Protection - Security Policies and Procedures | Develop and enforce comprehensive security policies. Ensure employees are trained on security protocols and procedures. |
Overview of Organizational Protection - Incident Response | Establish an incident response plan to handle security breaches. Regularly test and update the response plan. |
Network Security - Network Segmentation | Use network segmentation to isolate sensitive data and systems. Implement firewalls and intrusion detection/prevention systems (IDS/IPS). |
Network Security - Secure Access Controls | Employ role-based access control (RBAC) to restrict access based on job roles. Use multi-factor authentication (MFA) for accessing critical systems. |
Data Protection and Privacy - Data Encryption and Masking | Encrypt sensitive data both in transit and at rest. Use data masking to protect sensitive information in non-production environments. |
Data Protection and Privacy - Data Loss Prevention (DLP) | Implement DLP solutions to monitor and protect data from unauthorized access or leaks. Educate employees on data handling and protection best practices. |
Physical Security - Secure Facilities | Control physical access to sensitive areas with security measures (e.g., badges, biometrics). Monitor and log access to facilities. |
Physical Security - Equipment Protection | Secure hardware and networking equipment against theft and tampering. Regularly inspect and maintain physical security controls. |
Employee Training and Awareness - Regular Training Programs | Conduct ongoing cybersecurity training for all employees. Simulate phishing attacks to raise awareness and improve response. |
Employee Training and Awareness - Creating a Security Culture | Foster a culture of security within the organization. Encourage employees to report suspicious activities and potential security threats. |
Responsibility and Ethics | Emphasize the importance of being both legally compliant and ethically sound in all professional activities. |
Consultation and Compliance | Highlight the need for consulting legal departments and adhering to corporate codes of ethics. |
Career Paths | Provide an overview of the various job roles and the importance of each in maintaining cybersecurity. |
Global Impact | Stress the significance of international cooperation in combating cyber threats. |
Responsibility | Cybersecurity professionals must use their skills responsibly to avoid legal repercussions. |
Compliance | Companies must adhere to cybersecurity laws and regulations. |
Consequences | Violations can result in job loss and legal penalties for both individuals and companies. |
Legal Consultation | When in doubt, always consult the legal department to ensure compliance. |
IMPACT | A global partnership involving governments, industries, and academia aimed at improving global cybersecurity capabilities. |
Legal vs. Ethical | Actions can be legal but still unethical. Cybersecurity professionals must adhere to a higher standard of ethics. |
Codes of Ethics | Many organizations have codes of ethics that guide professional behavior. |
Enforcement | Sometimes these codes are supported by laws. |
Organizations with Published Codes of Ethics | The CyberSecurity Institute (CSI); The Information Systems Security Association (ISSA); The Association of Information Technology Professionals (AITP) |
Job Search Engines | TJobMatch, Monster, CareerBuilder |
Types of Jobs - Penetration Tester/Ethical Hacker | Tests systems for vulnerabilities. |
Types of Jobs - Security Administrator | Manages and secures network systems. |
Types of Jobs - Network Administrator | Oversees network operations and security. |
Types of Jobs - System Administrator | Maintains and secures computer systems. |