Definitions
Controls
Threat Actors
Malware
Vulnerabilities
100

Is a fundamental principle of cybersecurity that ensures data remains accurate, consistent, and unaltered unless modified by authorized individuals

what is Integrity? 

100

These restrict physical access to systems and facilities. Focus is on physical protection and safety of organizational assets and personnel.

what are physical controls?

100

Attackers with a political, social or environmental ideological agenda

what is a hacktivist? 
100

Infect and replicate by attaching to executable files; cause damage or steal data. Can replicate but cannot propagate itself; requires an installation vector.

what is a virus?

100

a weakness in physical components like firmware, outdated hardware, or insecure configurations

what is a hardware vulnerability?

200

Unauthorized code with a harmful purpose or payload

what is malware?

200

Measures implemented through technology. Also known as logical controls. Work at the bit level.  

what are technical controls?

200

Attackers seeking financial gain, usually through extortion

what is organized crime?

200

Self replicates and spreads across networks without a host file; disrupts services and consumes bandwidth

what is a worm?

200

security flaws in wireless connections that allow unauthorized access

what is a Bluetooth vulnerability?

300

Refers to the framework, policies, and procedures that ensure an organization's security strategy aligns with its overall business objectives, regulatory requirements, and risk management priorities

what is Governance? 

300

Designed to psychologically discourage an attacker from attacking. The attacker has a choice to proceed or not. 

What are Deterrent controls?

300

Attackers within the employ of the target organization

What is an insider threat? 

300

encrypt files and demand payment for decryption; causes significant disruption and financial loss

what is ransomware?

300

security risks specific to ____ devices, including app-based threats and insecure network connections 

what is a mobile vulnerability?

400

A security principle that ensures a message or action can be undeniably attributed to its sender

What is Non-repudiation? 

400

Proactive control, designed to stop an attack before it starts. Goal is to reduce the likelihood of an incident succeeding.

what are Preventive controls?

400

Government-led and supported attackers, usually have more available finances and high skillsets

What is a Nation-State Actor?

400

generates revenue for its creator by displaying unwanted advertisements

what is adware?

400

newly discovered security flaws that have no official patch yet 

what is a Zero-day Vulnerability?

500

The sum of all possible vulnerabilities that an attacker can exploit

what is an attack surface?

500

Follow-up controls used to minimize the harm caused and prevent recurrence. Re-establishes the security baseline.

what are Corrective controls?

500

Non-IT department personnel who bypass the IT department to set up non-authorized technologies, multiple policy violations

What is Shadow IT?

500

disguised as legitimate software to gain access; deliver payloads (ransomware, spyware, adware, etc.)

what is a trojan horse?

500

client-side code injection attack where malicious scripts are injected into trusted websites. The scripts run in the victim's browser.

what is cross-site scripting (XSS)?
