Assists in developing an organizational understanding of managing cybersecurity risk to systems, people, assets, data, and capabilities.
Identify
A software program that provides functionality similar to Windows Task Manager, along with a rich set of features for collecting information about processes running on the user's system.
Process Explorer
A method for analyzing computer network performance that is marked by comparing current performance to a historical metric, or definition.
Baseline analysis
The place in a software program or system where the execution of a new program or set of code begins.
Point of Entry (PoE)
A type of malicious software designed to block access to a computer system until a sum of money is paid.
Ransomware
Outlines appropriate safeguards to ensure delivery of critical infrastructure services.
Protect
A Microsoft Windows utility that lets you view each of the tasks (processes) and the overall performance of the computer.
Task Manager
The process used to identify potential hazards and analyze what could happen if a disaster or hazard occurs.
Risk Assessment
A malicious technique where a user is tricked into selecting one object on a web page when they want to select another.
Clickjacking
Small blocks of data created by a web server while a user is browsing a website to help the website keep track of the current and historical states of the user's experience on that site.
Cookie
Defines the appropriate activities to identify the occurrence of a cybersecurity event.
Detect
A Windows network monitoring utility that shows a graphical representation of all current network activity on the endpoints of a network.
TCPView
An awareness of everything within and moving through the systems, devices, and telecommunication assets of an organization with the help of software utilities.
Network Visibility
A device or node that connects to the LAN or WAN and accepts communications back and forth across the network.
Endpoint
Which of the following is used to record security-related information on a computer system?
Audit Logs
Includes appropriate activities to take action regarding a detected cybersecurity incident.
Respond
A tool used to monitor and log events on Windows, commonly used by enterprises as part of their monitoring and logging solutions.
Sysmon
An operating system instrumentation, monitoring, and analytics framework that provides a table-like interface to clients' endpoints.
OSquery
The process of identifying significant relationships from multiple log sources such as application logs, endpoint logs, and network logs.
Event Correlation
Software, code, or commands that take advantage of the weak parts of a system and use those for malicious purposes.
Exploit
Identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Recover
A suite of more than 70 freeware utilities, initially developed by Mark Russinovich and Bryce Cogswell, that are used to monitor, manage and troubleshoot the Windows operating system, and which Microsoft now owns and hosts on its TechNet site.
Sysinternals
A free and open source platform used for threat prevention, detection, and response capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.
Wazuh
Supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events.
Security Event and Incident Management (SEIM)
The process of creating an inventory of information assets (hardware, software, and information) to evaluate the level of cybersecurity risk.
Security Risk Assessment (SRA)