The "A" in the CIA Triad that ensures systems and data are accessible to authorized users when needed.
What is Availability?
A social engineering attack where fraudulent emails are sent to trick users into revealing sensitive information.
What is Phishing?
Short, sturdy posts designed to prevent vehicles from ramming into buildings or unauthorized areas.
What are Bollards?
This type of encryption uses a single shared key for both encryption and decryption.
What is Symmetric Encryption?
The process of identifying, assessing, and mitigating potential threats to an organization’s assets.
What is Risk Management?
This concept ensures that a sender cannot deny the authenticity of their actions, such as sending a message.
What is Non-Repudiation?
This type of malware encrypts a victim’s files and demands payment for the decryption key.
What is Ransomware?
The act of an unauthorized person following an authorized individual through a secure door without credentials.
What is Tailgating (or Piggybacking)?
A one-way process that transforms data into a fixed-size string of characters, acting like a digital fingerprint.
What is Hashing?
A type of risk analysis that uses numerical data and financial values to assess risk.
What is Quantitative Risk Analysis?
Passwords, PINs, and answers to security questions fall under this factor of authentication.
What is Something You Know?
A malicious program that disguises itself as legitimate software to deceive users into installing it.
What is a Trojan?
A secure entry system with two sets of doors where the first must close before the second opens.
What is an Access Control Vestibule (or Mantrap)?
The technique of adding a random value to a password before hashing it to prevent rainbow table attacks.
What is Salting?
A comprehensive EU regulation that governs data protection and privacy for individuals.
What is GDPR?
This security model operates on the principle of "never trust, always verify," assuming no user or device is trusted by default.
What is Zero Trust?
This social engineering technique involves creating a fabricated scenario or backstory to gain a target's trust.
What is Pretexting?
Data that is actively moving from one location to another, such as over the internet or a network.
What is Data in Transit?
A system that manages digital certificates and public-private key pairs to enable secure communication.
What is Public Key Infrastructure (PKI)?
A document that outlines the rules for how employees can use company IT resources like email and the internet.
What is an Acceptable Use Policy (AUP)?
Policies, training, and incident response plans fall under this category of security controls.
What are Administrative Controls?
A threat actor motivated by political or social causes rather than financial gain.
What is a Hacktivist?
The concept that data is subject to the laws and regulations of the country where it is physically stored.
What is Data Sovereignty?
An asymmetric algorithm based on elliptic curves that is efficient for mobile devices and smart cards.
What is ECC (Elliptic Curve Cryptography)?
The structured approach to managing modifications to IT systems to minimize disruptions and security risks.
What is Change Management?