Internal employees who abuse their privileged access.
What is an insider threat?
This type of attack attempts to overload a system's resources by sending an excessive amount of traffic, often through a botnet.
What is a "Distributed Denial of Service (DDoS) attack"?
This U.S. law requires organizations to notify individuals of breaches involving personal health information.
What is the "HIPAA" or "Health Insurance Portability and Accountability Act"?
This AWS service helps detect and respond to security threats in real-time by analyzing logs and monitoring network traffic.
What is AWS GuardDuty?
This type of key in a cryptographic system is used for both encryption and decryption.
What is a "Symmetric Key"?
Groups that illegally breach information systems for the purpose of illicit profits.
What are cybercriminals?
This attack involves tricking individuals into revealing sensitive information or performing actions by pretending to be a trustworthy entity.
What is "Phishing"?
This is the ISO framework number for privacy.
What is 27701?
This cloud security concept involves divvying up security accountability between the cloud service provider and the customer.
What is the shared responsibility model?
This cryptographic technique involves adding random data to the plaintext before hashing to increase security.
What is "Salting"?
These hackers work together to achieve their objectives related to a social or political cause.
What are hacktivists?
This type of attack involves encrypting a victim's data and demanding a ransom for the decryption key.
What is a "Ransomware attack"?
This EU framework is designed to help organizations implement a structured approach to data protection and privacy compliance.
What is GDPR?
This three letter acronym is the common nomenclature for a cloud infrastructure service that determines who you are and what you can do in the system.
What is IAM (Identity and Access Management)?
This cryptographic protocol provides secure communication over an untrusted network, and is used frequently on the internet.
What is TLS? (Also, SSL, HTTPS)
These two geographic words are used to refer to groups that act on behalf of their government to attack systems.
What are nation states?
In this type of attack, malicious code is executed on trusted devices to compromise the security of a system.
What is "Malware"?
This mechanism is used in risk management to transfer financial risk to a third party.
What is insurance?
Got logs? This AWS service helps you audit who's accessing service APIs in your account.
What is CloudTrail?
In a public-key infrastructure (PKI), this trusted entity issues digital certificates that verify the identity of certificate holders.
What is a Certificate Authority?
This three letter acronym refers to threats that use state-of-the-art hacking techniques and have significant resources.
What is APT (Advanced Persistent Threat)?
In this attack, SQL metacharacters are sent as user input to disrupt a query syntax and cause a database to perform unexpected operations.
What is "SQL injection"?
This tuneful term is used for employees and stakeholders who report unethical behavior or compliance violations anonymously.
What is a whistle blower?
This term is used to describe the practice of configuring cloud resources using text, as opposed to the "ClickOps"-style of creating them through the web UI.
What is IaC (Infrastructure as Code)?
This "handy" piece of data can be used to verify the integrity and authenticity of a message or software.
What is a digital signature?