CIA
Threat Actors
Malware and Apps
Social Engineering
Cryptography
100

The three goals of cybersecurity: Confidentiality, Integrity, and Availability.

What is the CIA Triad?

100

A beginner attacker who uses existing tools and has a low skill level.

What is a Script Kiddie?

100

Malicious software that encrypts a user's files and demands payment.

What is Ransomware?

100

Fraudulent messages, typically email, used to steal credentials or data.

What is Phishing?

100

The type of encryption that uses the same key for both encryption and decryption.

What is Symmetric Encryption?

200

This principle means users receive only the minimum access necessary to perform their duties.

What is Least Privilege?

200

These threat actors are politically or socially motivated.

What are Hacktivists?

200

This attack involves inserting malicious SQL code into a web page field to manipulate databases.

What is SQL Injection (SQLi)?

200

A highly targeted phishing attempt against specific individuals.

What is Spear Phishing?

200

This one-way function is used to ensure data integrity.

What is Hashing?

300

The practice of layering multiple security controls (like MFA + firewalls + IDS) to protect systems.

What is Defense in Depth?

300

Highly skilled, well-funded threat actors with long-term strategic goals, often targeting espionage or intellectual property.

What are Nation-states or APT groups?

300

Malware that disguises itself as legitimate software.

What is a Trojan?

300

This technique uses a fabricated story to gain a victim's trust and information.

What is Pretexting?

300

In asymmetric cryptography, this key is kept secret and used for decryption or digital signing.

What is the Private Key?

400

The CIA component secured by methods like encryption and access controls.

What is Confidentiality?

400

A type of threat actor that has legitimate access to a system, such as an employee or contractor.

What is an Insider?

400

A vulnerability where an attacker runs code on a target system.

What is Remote Code Execution (RCE)?

400

The act of following an authorized person through a secure access point without using one's own credentials.

What is Tailgating or Piggybacking?

400

A random value added to a password before hashing to prevent rainbow table attacks.

What is a Salt?

500

The CIA component secured by methods like hashing, checksums, and versioning.

What is Integrity?

500

The primary motivation for Organized Crime and the goal of most ransomware attacks.

What is financial motivation?

500

A network of compromised machines controlled by an attacker and used to launch large-scale attacks.

What is a Botnet?

500

A form of phishing that specifically targets executives or high-value individuals.

What is Whaling?

500

The framework that manages digital certificates, keys, and trusted entities like Certificate Authorities (CAs).

What is Public Key Infrastructure (PKI)?