This network security device acts as a "gatekeeper," controlling traffic between internal networks and the internet based on predetermined rules
What is a Firewall
This incident response phase, which follows preparation, is where you determine whether a security event is actually a security incident worth investigating
What is identification (or detection and analysis)
This European regulation, in force since May 2018, gives individuals more control over their personal data and can fine companies up to 4% of global annual turnover (or 20 million euros, whichever is higher)
What is GDPR (General Data Protection Regulation)
These sophisticated, long-term cyberattacks are often state-sponsored and designed to remain undetected while stealing sensitive information
What are APTs (Advanced Persistent Threats)
This social engineering technique involves creating a fictional scenario to engage a victim and steal information—it's like being an actor in a play
What is pretexting
Like a secret tunnel under a castle, this technology creates a secure connection over a public network, often used by remote workers
What is a VPN (Virtual Private Network)
Like a crime scene investigator, this cybersecurity professional analyzes digital evidence to determine what happened during a cyber incident
What is a digital forensics analyst (or cyber forensics investigator)
This U.S. law protects the privacy of student education records and gives parents certain rights regarding their children's education records
What is FERPA (Family Educational Rights and Privacy Act)
This type of attack abuses legitimate system tools and processes already present on the host (PowerShell, WMI, certutil, and similar) to carry out malicious activities with little or no custom malware on disk, making it hard to detect—it's like a wolf in sheep's clothing
What is a living off the land (LotL) attack, the abused binaries being known as LOLBins
This type of attack involves leaving infected USB drives or other media in public places, hoping curious people will plug them into their computers
What is baiting
This network monitoring practice examines the contents of data packets flowing through a network, not just their headers, to detect suspicious activity—it's like having a security guard watch the traffic
What is packet inspection (or deep packet inspection, as performed by an IDS/IPS)
This type of evidence must be collected in a specific way to ensure it can be used in legal proceedings—think "chain of custody"
What is digital evidence (or forensic evidence)
In healthcare, this law protects patient health information and sets standards for how it can be used and disclosed
What is HIPAA (Health Insurance Portability and Accountability Act)
Named after a wooden horse from ancient Troy, this malware disguises itself as legitimate software to trick users into installing it
What is a Trojan (or Trojan horse)
Named after the habit of driving too closely behind the vehicle in front, this social engineering attack involves following authorized personnel through a door into a secure area without authenticating; when the authorized person knowingly holds the door, it goes by the second name
What is tailgating (or piggybacking)
This type of attack floods a network or server with traffic from many sources at once, typically a botnet of compromised machines, to make it unavailable to legitimate users—think of it as a digital traffic jam
What is a DDoS (Distributed Denial of Service) attack
During incident response, this phase follows containment and eradication: affected systems are restored from clean backups or rebuilt, returned to production, and monitored to confirm the attacker does not come back—it's like cleaning up after a party
What is recovery (or restoration)
This principle ensures that individuals only have access to the data and systems necessary to perform their job functions—no more, no less
What is least privilege (or principle of least privilege)
This attack technique involves moving from one compromised system to others on the same network, often with stolen credentials, to reach high-value targets—like exploring a building after breaking in
What is lateral movement
This security awareness training method uses fake phishing emails to test employees' ability to recognize and report suspicious messages
What is phishing simulation (or phishing testing)
This network design technique divides a network into isolated zones (VLANs, firewalled subnets, or per-workload policies) so that a breach in one zone cannot spread freely to the others—like building walls within a castle
What is network segmentation (or microsegmentation)
This post-incident activity helps organizations learn from security events and improve their defenses for next time
What is lessons learned (or post-incident review)
This process involves removing or obscuring personally identifiable information in a dataset, such as names, e-mail addresses, and exact birth dates, so that individuals can no longer be identified from it
What is data anonymization (or data de-identification)
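The clue above is easy to get wrong in practice: replacing an e-mail address with its plain SHA-256 hash is not anonymization, because anyone holding a list of candidate addresses can hash them and match the rows. The following Python example is added here and is not part of the original quiz; the records, the column names, and the HMAC key are constructed for illustration. It strips direct identifiers, pseudonymizes the e-mail with a keyed HMAC, coarsens the quasi-identifiers (age, ZIP), and then measures k-anonymity to show that generalization alone can still leave rows unique.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample records (hypothetical HR export, no real people).
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.com", "age": 34,
     "zip": "90210", "dept": "Finance", "salary": 98000},
    {"name": "Bob Sample", "email": "bob@example.com", "age": 58,
     "zip": "90211", "dept": "Finance", "salary": 121000},
    {"name": "Carol Test", "email": "carol@example.com", "age": 29,
     "zip": "10001", "dept": "Engineering", "salary": 143000},
]

DIRECT_IDENTIFIERS = ("name", "email")
QUASI_IDENTIFIERS = ("age_band", "zip3", "dept")


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256, truncated for readability).

    A plain hash of the e-mail would let anyone re-identify rows by hashing a
    dictionary of addresses. With a secret key, that attack needs the key,
    which is stored apart from the released data (or destroyed if the rows
    never need to be linked back).
    """
    normalized = value.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]


def generalize_age(age: int) -> str:
    """Replace an exact age with a ten-year band, e.g. 34 -> '30-39'."""
    lo = (age // 10) * 10
    return f"{lo}-{lo + 9}"


def generalize_zip(zip_code: str) -> str:
    """Keep only the three-digit ZIP prefix, e.g. '90210' -> '902**'."""
    return zip_code[:3] + "**"


def deidentify(records, key: bytes):
    """Drop direct identifiers, pseudonymize the join key, coarsen the rest."""
    out = []
    for r in records:
        assert all(field not in DIRECT_IDENTIFIERS for field in ("age", "zip", "dept", "salary"))
        out.append({
            "subject_id": pseudonymize(r["email"], key),
            "age_band": generalize_age(r["age"]),
            "zip3": generalize_zip(r["zip"]),
            "dept": r["dept"],
            "salary": r["salary"],
        })
    return out


def k_anonymity(records, quasi_identifiers) -> int:
    """Size of the smallest group sharing the same quasi-identifier values.

    k == 1 means some row is unique on (age_band, zip3, dept), so anyone who
    knows those three facts about a person can still pick out their salary.
    """
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(groups.values())


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # keep this out of the released dataset
    rows = deidentify(SAMPLE_RECORDS, key)
    for row in rows:
        print(row)
    print("k-anonymity:", k_anonymity(rows, QUASI_IDENTIFIERS))
```

On these three constructed rows the result is k = 1, which is the point: de-identification is not finished when the names are gone, and the quasi-identifier columns have to be generalized until every combination appears at least k times for whatever k the release policy requires.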
This type of insider threat involves employees or contractors who have legitimate access but deliberately abuse it to harm the organization, as opposed to colleagues who cause harm through negligence
What is a malicious insider
This principle states that a system should remain secure even if everything about its design is public, so that security rests only on easily changeable secrets such as cryptographic keys rather than on the secrecy of the algorithm
What is Kerckhoffs's principle (or open design)