Terms and Acronyms
2FA (Two-Factor Authentication)
A security process in which users provide two different authentication factors to verify themselves, enhancing the security of their account and the network.
Absolute file path
The full file path, which starts from the root
Access controls
Security controls that manage access, authorization, and accountability of information
ACL (Access Control List)
A set of rules that controls the incoming and outgoing network traffic on a device or network, based on a set of criteria.
Active packet sniffing
A type of attack where data packets are manipulated in transit
Address Resolution Protocol (ARP)
A network protocol used to determine the MAC address of the next router or device on the path
Advanced Persistent Threat (APT)
An instance when a threat actor maintains unauthorized access to a system for an extended period of time
Adversarial Artificial Intelligence (AI)
A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Adware
A type of legitimate software that is sometimes used to display digital advertisements in applications
Algorithm
A set of rules used to solve a problem
Analysis
The investigation and validation of alerts
Angler phishing
A technique where attackers impersonate customer service representatives on social media
Anomaly-based analysis
A detection method that identifies abnormal behavior
Antivirus software
A software program used to prevent, detect, and eliminate malware and viruses
Application
A program that performs a specific task
Application programming interface (API) token
A small block of encrypted code that contains information about a user
Argument (Linux)
Specific information needed by a command
Argument (Programming)
The data brought into a function when it is called
Argument (Python)
The data brought into a function when it is called
ARP (Address Resolution Protocol)
A protocol used to map an IP address to a physical machine address (MAC address) on a local area network.
Array
A data type that stores data in a comma-separated ordered list
Assess
The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
Asset
An item perceived as having value to an organization
Asset classification
The practice of labeling assets based on sensitivity and importance to an organization
Asset inventory
A catalog of assets that need to be protected
Asset management
The process of tracking assets and the risks that affect them
Asymmetric encryption
The use of a public and private key pair for encryption and decryption of data
Attack surface
All the potential vulnerabilities that a threat actor could exploit; The characteristics and features of the areas where an attack can come from
Attack tree
A diagram that maps threats to assets
Attack vectors
The pathways attackers use to penetrate security defenses
Authentication
The process of verifying who someone is
Authorization
The concept of granting access to specific resources in a system
Authorize
The sixth step of the NIST RMF, which refers to being accountable for the security and privacy risks that might exist in an organization
Automation
The use of technology to reduce human and manual effort to perform common and repetitive tasks
Availability
The idea that data is accessible to those who are authorized to access it
Baiting
A social engineering tactic that tempts people into compromising their security
Bandwidth
The maximum data transmission capacity over a network, measured by bits per second
Baseline configuration (baseline image)
A documented set of specifications within a system that is used as a basis for future builds, releases, and updates
Bash
The default shell in most Linux distributions
Basic auth
The technology used to establish a user’s request to access a server
Basic Input/Output System (BIOS)
A microchip that contains loading instructions for the computer and is prevalent in older systems
BGP (Border Gateway Protocol)
The protocol underlying the global routing system of the internet, managing how packets get routed from network to network through the exchange of routing and reachability information among edge routers.
Biometrics
The unique physical characteristics that can be used to verify a person’s identity
Bit
The smallest unit of data measurement on a computer
Boolean data
Data that can only be one of two values: either True or False
Bootloader
A software program that boots the operating system
Botnet
A collection of computers infected by malware that are under the control of a single threat actor, known as the "bot-herder"; A network of private computers infected with malicious software and controlled as a group without the owners' knowing, often to send spam or participate in DDoS attacks.
Bracket notation
The indices placed in square brackets
Broken chain of custody
Inconsistencies in the collection and logging of evidence in the chain of custody
Brute force attack
The trial and error process of discovering private information
Bug bounty
Programs that encourage freelance hackers to find and report vulnerabilities
Built-in function
A function that exists within Python and can be called directly
Business continuity
An organization's ability to maintain its everyday productivity by establishing risk and disaster recovery plans
Business continuity plan (BCP)
A document that outlines the procedures to sustain business operations during and after a significant disruption
Categorize
The second step of the NIST RMF that is used to develop risk management processes and tasks
CentOS
An open-source distribution that is closely related to Red Hat
Central Processing Unit (CPU)
A computer’s main processor, which is used to perform general computing tasks on a computer
Chain of Custody
The process of documenting evidence possession and control during an incident lifecycle
CIDR (Classless Inter-Domain Routing)
A method for allocating IP addresses and IP routing that is more flexible than older systems like classful networking.
Cipher
An algorithm that encrypts information
Cloud computing
The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices
Cloud network
A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet
Cloud security
The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Cloud-based firewalls
Software firewalls that are hosted by the cloud service provider
Command
An instruction telling the computer to do something
Command and control (C2)
The techniques used by malicious actors to maintain communications with compromised systems
Command-line interface (CLI)
A text-based user interface that uses commands to interact with the computer
Comment
A note programmers make about the intention behind their code
Common Event Format (CEF)
A log format that uses key-value pairs to structure data and identify fields and their corresponding values
Common Vulnerabilities and Exposures (CVE®) list
An openly accessible dictionary of known vulnerabilities and exposures
Common Vulnerability Scoring System (CVSS)
A measurement system that scores the severity of a vulnerability
Compliance
The process of adhering to internal standards and external regulations
Computer Security Incident Response Teams (CSIRT)
A specialized group of security professionals that are trained in incident management and response
Computer virus
Malicious code written to interfere with computer operations and cause damage to data and software
Conditional statement
A statement that evaluates code to determine if it meets a specified set of conditions
Confidential data
Data that often has limits on the number of people who have access to it
Confidentiality
The idea that only authorized users can access specific assets or data
Confidentiality, Integrity, Availability (CIA) triad
A model that helps inform how organizations consider risk when setting up systems and security policies
Configuration file
A file used to configure the settings of an application
Containment
The act of limiting and preventing additional damage caused by an incident
Content Filter
Software that screens and restricts the content delivered over the web to a user.
Controlled zone
A subnet that protects the internal network from the uncontrolled zone
Cross-site scripting (XSS)
An injection attack that inserts code into a vulnerable website or web application
Crowdsourcing
The practice of gathering information using public input and collaboration
Cryptographic Attack
An attack that affects secure forms of communication between a sender and intended recipient
Cryptojacking
A form of malware that installs software to illegally mine cryptocurrencies
CVE Numbering Authority (CNA)
An organization that volunteers to analyze and distribute information on eligible CVEs
Data
Information that is translated, processed, or stored by a computer
Data at rest
Data not currently being accessed
Data controller
A person that determines the procedure and purpose for processing data
Data custodian
Anyone or anything that’s responsible for the safe handling, transport, and storage of information
Data exfiltration
Unauthorized transmission of data from a system
Data in transit
Data traveling from one point to another
Data in use
Data being accessed by one or more users
Data owner
The person that decides who can access, edit, use, or destroy their information
Data packet
A basic unit of information that travels from one device to another within a network
Data point
A specific piece of information
Data processor
A person that is responsible for processing data on behalf of the data controller
Data protection officer (DPO)
An individual that is responsible for monitoring the compliance of an organization's data protection procedures
Data type
A category for a particular type of data item
Database
An organized collection of information or data
Date and time data
Data representing a date and/or time
DDoS (Distributed Denial of Service)
An attack that attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS Protection
Measures to protect a network or server from Distributed Denial-of-Service attacks.
Debugger
A software tool that helps to locate the source of an error and assess its causes
Debugging
The practice of identifying and fixing errors in code
Defense in depth
A layered approach to vulnerability management that reduces risk
Denial of service (DoS) attack
An attack that targets a network or server and floods it with network traffic
Detection
The prompt discovery of security events
DHCP
Dynamic Host Configuration Protocol assigns IP addresses dynamically to devices on a network.
DHCP (Dynamic Host Configuration Protocol)
A network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network.
Dictionary data
Data that consists of one or more key-value pairs
Digital certificate
A file that verifies the identity of a public key holder
Digital forensics
The practice of collecting and analyzing data to determine what has happened after an attack
Directory
A file that organizes where other files are stored
Disaster recovery plan
A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident
Distributed denial of service (DDoS) attack
A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic
Distributions
The different versions of Linux
DNS
Domain Name System translates domain names to IP addresses, allowing users to access websites with human-readable names.
DNS (Domain Name System)
The hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the internet or other IP networks by translating human-friendly domain names to machine-readable IP addresses.
Documentation
Any form of recorded content that is used for a specific purpose
Domain Name System (DNS)
A networking protocol that translates internet domain names into IP addresses
DOM-based XSS attack
An instance when malicious script exists in the webpage a browser loads
DPI (Deep Packet Inspection)
A form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for non-compliance with or violations of protocol, viruses, spam, intrusions, or defined criteria.
Dropper
A type of malware that comes packed with malicious code which is delivered and installed onto a target system
EDR (Endpoint Detection and Response)
A cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats, specifically focusing on endpoint devices.
Elevator pitch
A brief summary of your experience, skills, and background
Encapsulation
A process performed by a VPN service that protects your data by wrapping sensitive data in other data packets
Encryption
The process of converting data from a readable format to an encoded format; The process of encoding data to prevent unauthorized access.
Endpoint
Any device connected on a network
Endpoint detection and response (EDR)
An application that monitors an endpoint for malicious activity
Eradication
The complete removal of the incident elements from all affected systems
Escalation policy
A set of actions that outlines who should be notified when an incident alert occurs and how that incident should be handled
Event
An observable occurrence on a network, system, or device
Exception
An error that involves code that cannot be executed even though it is syntactically correct
Exclusive operator
An operator that does not include the value of comparison
Exploit
A way of taking advantage of a vulnerability
Exposure
A mistake that can be exploited by a threat
External Threat
Anything outside the organization that has the potential to harm organizational assets
False Negative
A state where the presence of a threat is not detected
False Positive
An alert that incorrectly detects the presence of a threat
File path
The location of a file or directory
Fileless malware
Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer
Filesystem Hierarchy Standard (FHS)
The component of the Linux OS that organizes data
Filtering
Selecting data that match a certain condition
Final report
Documentation that provides a comprehensive review of an incident
Firewall
A network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules or on an organization's previously established security policies.
Float data
Data consisting of a number with a decimal point
Foreign key
A column in a table that is a primary key in another table
Forward proxy server
A server that regulates and restricts a person’s access to the internet
Function
A section of code that can be reused in a program
Global variable
A variable that is available through the entire program
Graphical User Interface (GUI)
A user interface that uses icons on the screen to manage different tasks on the computer
Hacker
Any person or group who uses computers to gain unauthorized access to systems, networks, or data
Hacktivist
A person who uses hacking to achieve a political goal
Hard drive
A hardware component used for long-term memory
Hardware
The physical components required to run a computer
Hash collision
An instance when different inputs produce the same hash value
Hash function
An algorithm that produces a code that can't be decrypted
Honeypot
A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders; A security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems, essentially a trap to catch cyber attackers.
Host-based intrusion detection system (HIDS)
An application that monitors the activity of the host on which it’s installed
Hub
A network device that broadcasts information to every device on the network
Hypertext Transfer Protocol (HTTP)
An application layer protocol that provides a method of communication between clients and website servers
Hypertext Transfer Protocol Secure (HTTPS)
A network protocol that provides a secure method of communication between clients and servers
Identify
A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets
Identity and access management (IAM)
A collection of processes and technologies that helps organisations manage digital identities in their environment
IDS (Intrusion Detection System)
A device or software application that monitors a network or systems for malicious activity or policy violations.
IDS/IPS
Intrusion Detection Systems / Intrusion Prevention Systems monitor network traffic for suspicious activity and prevent attacks.
IEEE 802.11 (Wi-Fi)
A set of standards that define communication for wireless LANs
Immutable
An object that cannot be changed after it is created and assigned a value
Implement
The fourth step of the NIST RMF that means to implement security and privacy plans for an organization
Improper usage
An incident type that occurs when an employee of an organization violates the organization’s acceptable use policies
Incident
An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies
Incident escalation
The process of identifying a potential security incident, triaging it, and handing it off to a more experienced team member
Incident handler’s journal
A form of documentation used in incident response
Incident Response
An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach; The organized approach to addressing and managing the aftermath of a security breach or cyber attack, aiming to limit damage and reduce recovery time and costs.
Incident response plan
A document that outlines the procedures to take in each step of incident response
Inclusive operator
An operator that includes the value of comparison
Indentation
Space added at the beginning of a line of code
Index
A number assigned to every element in a sequence that indicates its position
Indicators of attack (IoA)
The series of observed events that indicate a real-time incident
Indicators of compromise (IoC)
Observable evidence that suggests signs of a potential security incident
Information privacy
The protection of unauthorised access and distribution of data
Information security (InfoSec)
The practice of keeping data in all states away from unauthorised users
Injection attack
Malicious code inserted into a vulnerable application
Input validation
Programming that validates inputs from users and other programs
Integer data
Data consisting of a number that does not include a decimal point
Integrated Development Environment (IDE)
A software application for writing code that provides editing assistance and error correction tools
Integrity
The idea that the data is correct, authentic, and reliable
Internal threat
A current or former employee, external vendor, or trusted partner who poses a security risk
Internet Control Message Protocol (ICMP)
An internet protocol used by devices to tell each other about data transmission errors across the network
Internet Control Message Protocol (ICMP) flood
A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server
Internet Protocol (IP)
A set of standards used for routing and addressing data packets as they travel between devices on a network
Internet Protocol (IP) address
A unique string of characters that identifies the location of a device on the internet
Interpreter
A computer program that translates Python code into runnable instructions line by line
Intrusion detection system (IDS)
An application that monitors system activity and alerts on possible intrusions
Intrusion prevention system (IPS)
An application that monitors system activity for intrusive activity and takes action to stop the activity
IP Address
A unique identifier for a device on a network, used for locating and differentiating devices.
IP spoofing
A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network
IPS (Intrusion Prevention System)
An extension of IDS that not only detects but also prevents identified threats.
IPv4/IPv6
Internet Protocol version 4 and version 6 are the fourth and sixth versions of the Internet Protocol, respectively, used to identify devices on a network through an addressing system.
Iterative statement
Code that repeatedly executes a set of instructions
Kali Linux
An open-source distribution of Linux that is widely used in the security industry
Kernel
The component of the Linux OS that manages processes and memory
Key-Value Pair
A set of data that represents two linked items
Latency
The delay before a transfer of data begins following an instruction for its transfer.
Legacy operating system
An operating system that is outdated but still being used
Lessons Learned Meeting
A meeting that includes all involved parties after a major incident
Library
A collection of modules that provide code users can access in their programs
Linux
An open-source operating system
List concatenation
The concept of combining two lists into one by placing the elements of the second list directly after the elements of the first list
List data
A data structure that consists of a collection of data in sequential form
Load Balancer
A device that distributes network or application traffic across multiple servers to improve responsiveness and availability.
Loader
A type of malware that downloads strains of malicious code from an external source and installs them onto a target system
Local Area Network (LAN)
A network that spans small areas like an office building, a school, or a home
Local variable
A variable assigned within a function
Log
A record of events that occur within an organisation’s systems
Log analysis
The process of examining logs to identify events of interest
Log management
The process of collecting, storing, analyzing, and disposing of log data
Logging
The recording of events occurring on computer systems and networks
Logic error
An error that results when the logic used in code produces unintended results
Loop variable
A variable that is used to control the iterations of a loop
MAC Address
A hardware identification number that uniquely identifies each device on a network.
MAC Address (Media Access Control Address)
A unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.
Malware
Any software intentionally designed to cause damage to a computer, server, client, or computer network.
Malware infection
An incident type that occurs when malicious software designed to disrupt a system infiltrates an organization’s computers or network
Managed Security Service Provider (MSSP)
Provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. MSSPs use high-availability security operation centers (either from their own facilities or from other data center providers) to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs to hire, train and retain to maintain an acceptable security posture.
Media Access Control (MAC) Address
A unique alphanumeric identifier that is assigned to each physical device on a network
Method
A function that belongs to a specific data type
Metrics
Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application
MITM (Man In The Middle Attack)
An attack where the attacker secretly intercepts and alters the communication between two parties who believe they are directly communicating with each other.
MITRE
A collection of non-profit research and development centres
Model
A conceptual framework used to understand network interactions in seven layers: Physical, Data Link, Network, Transport, Session, Presentation, Application.
Modem
A device that connects your router to the internet and brings internet access to the LAN
Module
A Python file that contains additional functions, variables, classes, and any kind of runnable code
Monitor
The seventh step of the NIST RMF that means to be aware of how systems are operating
Multi-factor authentication (MFA)
A technology that requires at least two distinct forms of identification; A security measure which requires a user to verify their identity in two or more ways to access a system or network
nano
A command-line file editor that is available by default in many Linux distributions
NAT
Network Address Translation allows a network to use one set of IP addresses for internal traffic and another for external traffic.
NAT (Network Address Translation)
A method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
National Institute of Standards and Technology (NIST) Incident Response Lifecycle
A framework for incident response consisting of four phases
National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53
A unified framework for protecting the security of information systems within the U.S. federal government
Network
A group of connected devices
Network data
The data that’s transmitted between devices on a network
Network Interface Card (NIC)
Hardware that connects computers to a network
Network log analysis
The process of examining network logs to identify events of interest
Network protocol analyzer (packet sniffer)
A tool designed to capture and analyze data traffic within a network
Network protocols
A set of rules used by two or more devices on a network to describe the order of delivery of data and the structure of data
Network segmentation
A security technique that divides the network into segments
Network traffic
The amount of data that moves across a network
Network-based intrusion detection system (NIDS)
An application that collects and monitors network traffic and network data
NIDS (Network Intrusion Detection System)
A system that analyzes incoming network traffic to identify any suspicious patterns that may indicate a network or system attack.
NIPS (Network Intrusion Prevention System)
A system that not only detects but also prevents network attacks by blocking detected malicious traffic.
Non-repudiation
The concept that the authenticity of information can’t be denied
Notebook
An online interface for writing, storing, and running code
Numeric data
Data consisting of numbers
OAuth
An open-standard authorization protocol that shares designated access between applications
Object
A data type that stores data in a comma-separated list of key-value pairs
On-path attack
An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit
Open systems interconnection (OSI) model
A standardized concept that describes the seven layers computers use to communicate and send data over the network
Open Web Application Security Project/Open Worldwide Application Security Project (OWASP)
A non-profit organization focused on improving software security
Open-source intelligence (OSINT)
The collection and analysis of information from publicly available sources to generate usable intelligence
Operating system (OS)
The interface between computer hardware and the user
Operator
A symbol or keyword that represents an operation
Options
Input that modifies the behavior of a command
OSI Model (Open Systems Interconnection Model)
A conceptual framework used to understand network interactions in seven layers: physical, data link, network, transport, session, presentation, and application.
OWASP Top 10
A globally recognized standard awareness document that lists the top 10 most critical security risks to web applications
Package
A piece of software that can be combined with other packages to form an application
Package manager
A tool that helps users install, manage, and remove packages or applications
Packet capture (p-cap)
A file containing data packets intercepted from an interface or network
Packet Sniffing
The practice of monitoring and capturing all data packets passing through a given network using a software application or hardware device.
Parameter (Python)
An object that is included in a function definition for use in that function
Parrot
An open-source distribution that is commonly used for security
Parsing
The process of converting data into a more readable format
Passive packet sniffing
A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network
Patch Management
The process of distributing and applying updates to software, including security patches, to protect against vulnerabilities exploited by hackers.
Patch update
A software and operating system update that addresses security vulnerabilities within a program or product
Payment Card Industry Data Security Standards (PCI DSS)
A set of security standards formed by major organisations in the financial industry
Penetration test (pen test)
A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
Penetration Testing
The practice of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit.
Penetration testing (pen test)
A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes
PEP 8 style guide
A resource that provides stylistic guidelines for programmers working in Python
Personally identifiable information (PII)
Any information used to infer an individual's identity
Phishing
A cyber attack employing deceptive communications, typically email, aimed at tricking individuals into revealing personal information, installing malware, or opening links to infected websites.
Phishing kit
A collection of software tools needed to launch a phishing campaign
Ping of death
A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB
Playbook
A manual that provides details about any operational action
Port
A software-based location that organizes the sending and receiving of data between devices on a network
Port Filtering
A firewall function that blocks or allows certain port numbers to limit unwanted communication
Port Scanning
The act of systematically scanning a computer's ports to find vulnerabilities.
Post-incident activity
The process of reviewing an incident to identify areas for improvement during incident handling
Potentially unwanted application (PUA)
A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software
Prepare
The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Prepared statement
A coding technique that executes SQL statements before passing them onto the database
Principle of least privilege
The concept of granting only minimal access and authorisation required to complete a task or function; Access and authorization to information only last long enough to complete a task
Private data
Information that should be kept from the public
Procedures
Step-by-step instructions to perform a specific security task
Process of Attack Simulation and Threat Analysis (PASTA)
A popular threat modelling framework that’s used across many industries
Programming
A process that can be used to create a specific set of instructions for a computer to execute tasks
Protect
A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
Protected health information (PHI)
Information that relates to the past, present, or future physical or mental health or condition of an individual
Protecting and Preserving Evidence
The process of properly working with fragile and volatile digital evidence
Proxy Server
A server that fulfills the requests of its clients by forwarding them to other servers; Acts as an intermediary for requests from clients seeking resources from other servers.
Public data
Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
Public key infrastructure (PKI)
An encryption framework that secures the exchange of online information
Python Standard Library
An extensive collection of Python code that often comes packaged with Python
Query
A request for data from a database table or a combination of tables
Quid Pro Quo
A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money
Rainbow table
A file of pre-generated hash values and their associated plaintext
Random Access Memory (RAM)
A hardware component used for short-term memory
Ransomware
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access; A type of malicious software designed to block access to a computer system or data, typically by encrypting it, until a sum of money is paid.
Rapport
A friendly relationship in which the people involved understand each other’s ideas and communicate well with each other
Recover
A NIST core function related to returning affected systems back to normal operation
Recovery
The process of returning affected systems back to normal operations
Red Hat Enterprise Linux (also referred to simply as Red Hat in this course)
A subscription-based distribution of Linux built for enterprise use
Reflected XSS attack
An instance when a malicious script is sent to a server and activated during the server’s response
Regular expression (regex)
A sequence of characters that forms a pattern
Regulations
Rules set by a government or other authority to control the way something is done
Relational database
A structured database containing tables that are related to each other
Relative file path
A file path that starts from the user's current directory
Root directory
Replay attack
A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time
Resilience
The ability to prepare for, respond to, and recover from disruptions
Respond
A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process
Return statement
A Python statement that executes inside a function and sends information back to the function call
Reverse proxy server
A server that regulates and restricts the internet's access to an internal server
Risk
Anything that can impact the confidentiality, integrity, or availability of an asset
Risk mitigation
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Root user (or superuser)
A user with elevated privileges to modify the system
Rootkit
Malware that provides remote, administrative access to a computer; A collection of malicious software tools that enable unauthorized access to a computer or area of its software and often hide the existence of certain processes or programs.
Router
A network device that connects multiple networks together
Salting
An additional safeguard that’s used to strengthen hash functions
Sandboxing
A security technique for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading.
Scareware
Malware that employs tactics to frighten users into infecting their device
Search Processing Language (SPL)
Splunk’s query language
Secure File Transfer Protocol (SFTP)
A secure protocol used to transfer files from one device to another over a network
Secure shell (SSH)
A security protocol used to create a shell with a remote system
Security assessment
A check to determine how resilient current security implementations are against threats
Security audit
A review of an organization's security controls, policies, and procedures against a set of expectations
Security controls
Safeguards designed to reduce specific security risks
Security frameworks
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security hardening
The process of strengthening a system to reduce its vulnerability and attack surface
Security information and event management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
Security mindset
The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data
Security operations center (SOC)
An organizational unit dedicated to monitoring networks, systems, and devices for security threats or attacks
Security Orchestration, Automation, and Response (SOAR)
A collection of applications, tools, and workflows that use automation to respond to security events
Security posture
An organization’s ability to manage its defense of critical assets and data and react to change
Security zone
A segment of a company’s network that protects the internal network from the internet
Select
The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Sensitive data
A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), and protected health information (PHI)
Separation of duties
The principle that users should not be given levels of authorization that would allow them to misuse a system
Session
A sequence of network HTTP requests and responses associated with the same user
Session cookie
A token that websites use to validate a session and determine how long that session should last
Session hijacking
An event when attackers obtain a legitimate user’s session ID
Session ID
A unique token that identifies a user and their device while accessing a system
Set data
Data that consists of an unordered collection of unique values
Shared responsibility
The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
Shell
The command-line interpreter
SIEM
Security Information and Event Management provides real-time analysis of security alerts generated by network hardware and applications.
SIEM (Security Information and Event Management)
A set of integrated tools designed to provide a comprehensive and real-time view of the security posture of an organization by collecting, analyzing, and presenting security data from various sources.
Signature
A pattern that is associated with malicious activity
Signature analysis
A detection method used to find events of interest
Simple Network Management Protocol (SNMP)
A network protocol used for monitoring and managing devices on a network
Single Sign-On (SSO)
A technology that combines several different logins into one
Smishing
The use of text messages to trick users in order to obtain sensitive information or to impersonate a known source
Smurf attack
A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets
SOC (Security Operations Center)
A centralized unit that deals with security issues on an organizational and technical level, focusing on real-time monitoring, detection, analysis, and response to cybersecurity incidents.
Social Engineering
The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes; A manipulation technique that exploits human error to gain private information, access, or valuables
Spear phishing
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Speed
The rate at which a device sends and receives data, measured in bits per second
Splunk Cloud
A cloud-hosted tool used to collect, search, and monitor log data
Splunk Enterprise
A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time
Spyware
Malware that’s used to gather and sell information without consent
SQL (Structured Query Language)
A programming language used to create, interact with, and request information from a database
SQL injection
An attack that executes unexpected queries on a database
SSL Inspection
The process of decrypting SSL/TLS encrypted traffic to inspect its content for security threats.
SSL/TLS
Protocols for securing communications over a computer network.
SSL/TLS (Secure Sockets Layer / Transport Layer Security)
Cryptographic protocols designed to provide communications security over a computer network, widely used for web browsers and other applications that require data to be securely exchanged.
Stakeholder
An individual or a group that has an interest in any decision or activity of an organization
Standard error
An error message returned by the OS through the shell
Standard input
Information received by the OS via the command line
Standard output
Standards
References that inform how to set policies
STAR method
An interview technique used to answer behavioral and situational questions
Stateful
A class of firewall that keeps track of information passing through it and proactively filters out threats
Stateless
A class of firewall that operates based on predefined rules and that does not keep track of information from data packets
Stored XSS attack
An instance when a malicious script is injected directly on the server
String concatenation
The process of joining two strings together
String data
Data consisting of an ordered sequence of characters
Style guide
A manual that informs the writing, formatting, and design of documents
Subnet
A logical subdivision of an IP network, breaking down a large network into smaller, manageable pieces.
Subnet Mask
A 32-bit number used to divide an IP address into a network address and a host address.
Subnetting
The subdivision of a network into logical groups called subnets
Substring
A continuous sequence of characters within a string
Sudo
A command that temporarily grants elevated permissions to specific users
Suricata
An open-source intrusion detection system and intrusion prevention system
Switch
A device that makes connections between specific devices on a network by sending and receiving data between them
Symmetric encryption
The use of a single secret key to exchange information
Synchronize (SYN) flood attack
A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets
Syntax
The rules that determine what is correctly structured in a computing language
Syntax error
An error that involves invalid usage of a programming language
Tailgating
A social engineering tactic in which unauthorized people follow an authorized person into a restricted area
TCP/IP (Transmission Control Protocol/Internet Protocol)
The basic communication language or set of protocols for the Internet.
TCP/IP Model
A four-layer communication model (Network Interface, Internet, Transport, Application) used for data transmission over a network; A framework used to visualize how data is organized and transmitted across a network
tcpdump
A command-line network protocol analyzer
Telemetry
The collection and transmission of data for analysis
Threat
Any circumstance or event that can negatively impact assets
Threat actor
Any person or group who presents a security risk
Threat Hunting
The proactive search for malicious actors or activities that are hidden within a network and might not be detected by traditional security tools.
Threat Intelligence
Evidence-based threat information that provides context about existing or emerging threats; Evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.
Threat modeling
The process of identifying assets, their vulnerabilities, and how each is exposed to threats
Transmission Control Protocol (TCP)
An internet communication protocol that allows two devices to form a connection and stream data
Triage
The prioritizing of incidents according to their level of importance or urgency
Trojan horse
Malware that looks like a legitimate file or program
True negative
A state where there is no detection of malicious activity
True positive
An alert that correctly detects the presence of an attack
Tuple data
A data structure that consists of a collection of data that cannot be changed
Type error
An error that results from using the wrong data type
Ubuntu
An open-source, user-friendly distribution that is widely used in security and other industries
Unauthorized access
An incident type that occurs when an individual gains digital or physical access to a system or application without permission
Uncontrolled zone
The portion of the network outside the organization
Unified Extensible Firmware Interface (UEFI)
A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems
User
The person interacting with a computer
User Datagram Protocol (UDP)
A connectionless protocol that does not establish a connection between devices before transmissions
User interface
A program that allows the user to control the functions of the operating system
User provisioning
The process of creating and maintaining a user's digital identity
User-defined function
A function that programmers design for their specific needs
Variable
A container that stores data
Virtual machine (VM)
A virtual version of a physical computer
Virtual private network (VPN)
A network security service that changes your public IP address and masks your virtual location so that you can keep your data private when you are using a public network like the internet
Virus
Malicious code written to interfere with computer operations and cause damage to data and software
VirusTotal
A service that allows anyone to analyze suspicious files, domains, URLs, and IP addresses for malicious content
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Visual dashboard
A way of displaying various types of data quickly in one place
VLAN
Virtual Local Area Network divides a network into multiple virtual networks for security and organization.
VLAN (Virtual Local Area Network)
A method to create independent networks within a physical network, improving the management and security of data traffic.
VPN
Virtual Private Network extends a private network across a public network, enabling users to send and receive data securely.
VPN (Virtual Private Network)
A service that encrypts your internet traffic and protects your online identity by hiding your IP address, making your internet activity more secure.
VPN Tunneling
A method of sending encrypted data over a network.
Vulnerability
A weakness that can be exploited by a threat; A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.
Vulnerability assessment
The internal review process of an organization's security systems
Vulnerability management
The process of finding and patching vulnerabilities
Vulnerability scanner
Software that automatically compares existing common vulnerabilities and exposures against the technologies on the network
WAF (Web Application Firewall)
A specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
Watering hole attack
A type of attack when a threat actor compromises a website frequently visited by a specific group of users
Web-Based Exploits
Malicious code or behavior that’s used to take advantage of coding flaws in a web application
Whaling
A category of spear phishing attempts that are aimed at high-ranking executives in an organization
Wide Area Network (WAN)
A network that spans a large geographic area like a city, state, or country
Wi-Fi Protected Access (WPA)
A wireless security protocol for devices to connect to the internet
Wildcard
A special character that can be substituted with any other character
Windows New Technology LAN Manager (NTLM)
A set of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.
Wireshark
An open-source network protocol analyzer
World-writable file
A file that can be altered by anyone in the world
Worm
Malware that can duplicate and spread itself across systems on its own
XSS (Cross-Site Scripting)
A security vulnerability typically found in web applications, allowing attackers to inject malicious scripts into content from otherwise trusted websites.
YARA-L
A computer language used to create rules for searching through ingested log data
Zero Day
An exploit that was previously unknown; A vulnerability in software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the vulnerability.