Risk that an event will pose if no controls are put in place to mitigate it.
What is inherent risk?
A target for system and access events generated by a network appliance, such as a switch, wireless access point, or router.
What are network logs?
A malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.
What is a cross-site request forgery (CSRF)?
An incident response process that correlates event data to determine whether they are indicators of an incident.
What is detection?
A policy that governs employees’ use of company equipment and Internet services.
What is an Acceptable Use Policy (AUP)?
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring.
What is threat hunting?
A strategic assessment of what level of residual risk is tolerable for an organization.
What is risk appetite?
A target for event data relating to a specific software app or package.
What are application logs?
A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.
What is a SYN flood attack?
An incident response process in which hosts, networks, and systems are brought back to a secure baseline configuration.
What is recovery?
A strictly enforceable ruleset that determines how a task should be completed.
What are policies?
Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
What is a remote access Trojan (RAT)?
In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario.
What is risk deterrence (or reduction)?
Parsing information from multiple log and security event data sources so that it can be presented in a consistent and searchable format.
What is log aggregation?
An attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.
What is a distributed DoS (DDoS) attack?
An incident response process in which malicious tools and configurations on hosts and networks are removed.
What is eradication?
Best practice recommendations and advice for configuration items where detailed, strictly enforceable policies and standards are impractical.
What are guidelines?
A group of hosts or devices that has been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.
What is a botnet?
The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring are needed.
What is risk acceptance?
A target for event data related to access rules that have been configured for logging.
What is firewall logging?
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.
What is a downgrade attack?
In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.
What is a timeline?
Expected outcome or state of a task that has been performed in accordance with policies and procedures. These can be determined internally or measured against external frameworks.
What are standards?
Class of malware that modifies system files, often at the kernel level, to conceal its presence.
What is a rootkit?
In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.
What is risk transference (or sharing)?
A target for event data related to access control, such as user authentication and privilege use.
What are security logs?
An attack that uses a captured authentication token to start an unauthorized session without having to discover the plaintext password for an account.
What is a credential replay attack?
In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.
What is provenance?
An agreement that sets the service requirements and expectations between a consumer and a provider.
What is a Service-level Agreement (SLA)?
Software that records information about a PC and its users, often installed without the user’s consent.
What is spyware?
Risk that remains even after controls are put into place.
What is residual risk?
A potential indicator of malicious activity where event dates or timestamps are not consistent.
What is out-of-cycle logging?
Where a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application.
What is a command injection attack?
A forensic tool to prevent the capture or analysis device or workstation from changing data on a target disk or media.
What is a write blocker?
Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.
What is a Memorandum of Understanding (MOU)?
Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.
What is ransomware?
The response of reducing risk to fit within an organization’s willingness to accept risk.
What is risk mitigation (or remediation)?
A potential indicator of malicious activity where events or log files are deleted or tampered with.
What is missing logs?
An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.
What is a directory traversal attack?
An analysis of events that can provide insight into how to improve response and support processes in the future.
What is a lessons learned report (LLR)?
An agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties.
What is a Non-disclosure Agreement (NDA)?
A malicious program or script that is set to run under particular circumstances or in response to a defined event.
What is a logic bomb?