A method for securely exchanging cryptographic keys.
What is Diffie-Hellman (D-H)?
A system for identifying and cataloging security vulnerabilities.
What is Common Vulnerabilities and Exposures (CVE)?
A centralized platform for verifying identities, assigning permissions, and logging actions.
What is Authentication, authorization, and accounting (AAA)?
A team responsible for handling security incidents.
What is Computer incident response team (CIRT)?
Advanced firewall technology with features like app awareness and user-based filtering.
What is Next-generation firewall (NGFW)?
Threat actors supported by a country’s military and security services.
What are Nation-state actors?
The process of identifying and analyzing risks.
What is Risk assessment?
Regulations protecting personal data of EU citizens.
What is General Data Protection Regulation (GDPR)?
A technique for generating random values by sampling physical phenomena.
What is a True random number generator (TRNG)?
A method for quantifying vulnerability data and assessing risk.
What is Common Vulnerability Scoring System (CVSS)?
A process for managing identification, authentication, and authorization mechanisms.
What is Identity and access management (IAM)?
Procedures for managing security incidents, including preparation, detection, analysis, containment, eradication, and recovery.
What is Incident response lifecycle?
All-in-one security appliances combining multiple security functions.
What is Unified threat management (UTM)?
Threat actors using hacking for commercial gain.
What is Organized crime?
A numerical method for assessing risk probability and impact.
What is Quantitative risk analysis?
Requirements for document storage and retention related to financial operations.
What is Sarbanes-Oxley Act (SOX)?
A feature ensuring that a compromised key affects only a single session.
What is Perfect Forward Secrecy (PFS)?
A framework for automating vulnerability scanning.
What is Security Content Automation Protocol (SCAP)?
A personal authentication method for Wi-Fi networks.
What is Simultaneous Authentication of Equals (SAE)?
A technique to identify the underlying cause of a problem.
What is Root cause analysis?
Services using software-defined mechanisms for virtual tunnels and overlay networks.
What is Software-Defined Wide Area Network (SD-WAN)?
Threat actors motivated by social or political causes.
What are Hacktivists?
The annual cost of a risk to an organization.
What is Annualized Loss Expectancy (ALE)?
US law protecting personal healthcare data.
What is Health Insurance Portability and Accountability Act (HIPAA)?
An encryption mechanism used to enhance wireless security.
What is Temporal Key Integrity Protocol (TKIP)?
Standards and guidelines for effective security risk management.
What are Cybersecurity frameworks (CSF)?
A framework for implementing authentication providers.
What is Pluggable authentication module (PAM)?
A proactive approach to detecting threats not found by regular monitoring.
What is Threat hunting?
A networking and security architecture combining various security services with networking services.
What is Secure Access Service Edge (SASE)?
Threat actors with advanced capabilities for long-term unauthorized access.
What is Advanced persistent threat (APT)?
The comprehensive process of managing organizational risks.
What is Enterprise risk management (ERM)?
Groups sharing sector-specific threat intelligence.
What are Information Sharing and Analysis Centers (ISACs)?
A method for securing data in transit using protocols like WPA, IPsec, or TLS.
What is Transport/communication encryption?
An organization that develops computer security standards and publishes best practice guides.
What is National Institute of Standards and Technology (NIST)?
A protocol for managing remote and wireless authentication.
What is Remote Authentication Dial-In User Service (RADIUS)?
Using threat intelligence data to automate detection of adversary actions.
What is Intelligence fusion?
A security tool that detects and blocks attacks.
What is Intrusion prevention system (IPS)?
An entity responsible for a security incident.
What is a Threat actor?
Metrics for identifying emerging risks.
What are Key Risk Indicators (KRIs)?
Creating and monitoring policies to manage assets and ensure compliance.
What is Governance?
A technique to verify message integrity and authenticity by combining a cryptographic hash with a secret key.
What is Hash-based Message Authentication Code (HMAC)?
A set of guidelines to encourage the use of public key infrastructure.
What are Public Key Cryptography Standards (PKCS)?
A data format for exchanging authentication information.
What is Security Assertion Markup Language (SAML)?
Specific procedures for responding to detected events.
What is Incident response plan (IRP)?
A method for securing data in transit.
What is Transport/communication encryption?
The ability of a threat actor to use advanced techniques.
What is Level of sophistication/capability?
Reducing risk to acceptable levels.
What is Risk mitigation (or remediation)?
Senior executives responsible for setting strategy and ensuring compliance.
What are Governance boards?
A method for assessing the risk of vulnerabilities.
What is Common Vulnerability Scoring System (CVSS)?
An authentication scheme requiring multiple credentials.
What is Multifactor authentication (MFA)?
The process of identifying potential security incidents.
What is Detection?
A technique for verifying message integrity and authenticity.
What is Hash-based Message Authentication Code (HMAC)?
The financial and personnel resources available to threat actors.
What are Resources/funding?
Deploying controls to reduce risk likelihood and impact.
What is Risk deterrence (or reduction)?
Experts defining policies and standards within a specific domain.
What are Governance committees?
A framework involving certificate authorities, digital certificates, and other cryptographic components for validating identities.
What is Public key infrastructure (PKI)?
A framework for automating security assessments.
What is Security Content Automation Protocol (SCAP)?
An access control model managed by resource owners.
What is Discretionary access control (DAC)?
The process of removing malicious tools and configurations.
What is Eradication?
An encryption mechanism for wireless security.
What is Temporal Key Integrity Protocol (TKIP)?
An attack compromising the availability of a service.
What is Service disruption?
Determining that a risk is within acceptable levels.
What is Risk acceptance?
A senior role responsible for maintaining the confidentiality, integrity, and availability of an information asset.
What is an Owner?