πCore Security Concepts
Asset β Any data, device, or system that has value to an organization.
Threat β Any potential danger that can exploit a vulnerability.
Risk β The potential for loss or damage when a threat exploits a vulnerability.
Vulnerability β A weakness in a system that can be exploited.
Exploit β A method used to take advantage of a vulnerability.
Attack Vector β The path or means by which a hacker gains access.
Attack Surface β The total exposure a system has to potential attacks.
Mitigation β Steps taken to reduce the severity of a risk or threat.
Defense in Depth β A layered approach to security.
Security Posture β The overall security status of an organization’s networks and systems.
CIA Triad β Confidentiality, Integrity, Availability β core principles of cybersecurity.
Confidentiality β Ensuring information is not accessed by unauthorized individuals.
Integrity β Ensuring information is not altered or tampered with.
Availability β Ensuring systems and data are accessible when needed.
Non-repudiation β Assurance that someone cannot deny the validity of their signature or a message.
Least Privilege β Granting the minimum access needed to perform a task.
Zero Trust β Security model assuming no trust for anyone inside or outside the network.
Security Policy β A formal set of rules for system protection.
Security Control β Safeguards to reduce risk (administrative, technical, physical).
Compensating Control β Alternative measures used to satisfy a security requirement.
Risk Assessment β Evaluating threats, vulnerabilities, and potential impacts.
Security Audit β A systematic evaluation of security policies and controls.
Security Baseline β Minimum security configuration standards.
Security Metrics β Measurements used to assess the effectiveness of security controls.
Governance β Establishing policies and processes for managing cybersecurity.
π‘οΈ Common Threats & Attacks
Phishing β Fraudulent attempts to obtain sensitive info by pretending to be trustworthy.
Spear Phishing β Targeted phishing attack aimed at a specific individual.
Whaling β Phishing attack targeting high-level executives.
Smishing β Phishing via SMS messages.
Vishing β Phishing via voice calls.
Spoofing β Impersonating a trusted source to deceive victims.
Man-in-the-Middle (MITM) β Intercepting and altering communication between two parties.
DDoS (Distributed Denial of Service) β Overwhelming a system with traffic from multiple sources.
DoS (Denial of Service) β Making a system unavailable by flooding it with traffic.
Ransomware β Malware that encrypts data and demands payment for its release.
Spyware β Malware that secretly collects user information.
Adware β Software that displays unwanted ads.
Trojan Horse β Malicious software disguised as legitimate.
Worm β Self-replicating malware that spreads without user action.
Rootkit β Malware designed to gain unauthorized root/admin-level control.
Keylogger β Software or hardware that records keystrokes.
Credential Stuffing β Using leaked credentials to attempt logins on other platforms.
SQL Injection β Injecting malicious SQL code to manipulate databases.
XSS (Cross-Site Scripting) β Injecting malicious scripts into webpages.
Command Injection β Running arbitrary commands on a host operating system.
Privilege Escalation β Gaining higher-level permissions than intended.
Buffer Overflow β Overwriting memory to execute malicious code.
Brute Force Attack β Trying many passwords or keys to gain unauthorized access.
Dictionary Attack β Using a list of common passwords to attempt logins.
Session Hijacking β Taking over a user’s session after they log in.
Drive-by Download β Automatic download of malware from a compromised website.
Logic Bomb β Malicious code triggered by a specific event.
Watering Hole Attack β Compromising websites commonly visited by a target.
Backdoor β Hidden access point that bypasses security.
Malvertising β Distributing malware through online ads.
Typosquatting β Registering misspelled domains to trick users.
Rogue Software β Fake software posing as legitimate security software.
Social Engineering β Manipulating individuals to gain confidential info.
Tailgating β Following someone into a restricted area.
Baiting β Offering something enticing to trick victims into revealing data.
Quishing β QR code phishing.
Bluejacking β Sending unsolicited messages via Bluetooth.
Bluesnarfing β Unauthorized access via Bluetooth.
Eavesdropping β Intercepting private communication.
Session Replay Attack β Capturing and reusing a valid data transmission.
π§° Tools & Technologies
Firewall β Blocks unauthorized network traffic.
IDS (Intrusion Detection System) β Monitors network for malicious activity.
IPS (Intrusion Prevention System) β Blocks detected threats automatically.
Antivirus β Detects and removes known malware.
EDR (Endpoint Detection & Response) β Monitors endpoint behavior and responds to threats.
SIEM (Security Information and Event Management) β Aggregates and analyzes logs.
MFA (Multi-Factor Authentication) β Multiple methods to verify identity.
VPN (Virtual Private Network) β Encrypts internet traffic and hides user location.
Proxy Server β Intermediary for requests to other servers.
NAC (Network Access Control) β Enforces security policy on devices accessing the network.
Data Loss Prevention (DLP) β Protects sensitive data from unauthorized access.
Honey Pot β Decoy system to lure attackers.
Sandbox β Isolated environment for running suspicious code.
PKI (Public Key Infrastructure) β Manages encryption keys and digital certificates.
SSL/TLS β Encrypts data between web server and browser.
Hashing β Converts data to a fixed-length value to protect integrity.
Public Key β Used to encrypt data.
Private Key β Used to decrypt data.
Symmetric Encryption β Uses the same key for encryption and decryption.
Asymmetric Encryption β Uses public/private key pairs.
HMAC β Hash-based Message Authentication Code.
Tokenization β Replacing sensitive data with unique identifiers.
Federated Identity β Shared authentication across multiple systems.
Single Sign-On (SSO) β One login provides access to multiple systems.
Security Token β Device or software used to prove identity.
Biometric Authentication β Using physical traits for authentication.
Access Control List (ACL) β List defining access rights to resources.
Digital Certificate β Proves ownership of a public key.
Certificate Authority (CA) β Issues and verifies digital certificates.
Browser Isolation β Keeps browser activity separated from the main OS.
Threat Intelligence Platform β Aggregates and analyzes threat data.
SOAR (Security Orchestration, Automation, and Response) β Automates incident response.
Bastion Host β Hardened server used as a gateway.
Syslog β Standard for system log messaging.
SIEM Correlation Rules β Define patterns that indicate a threat.
Forensics Tool β Used for digital investigations.
Incident Management System β Tracks and manages security incidents.
IAM (Identity and Access Management) β Manages user identities and access.
UEBA (User and Entity Behavior Analytics) β Detects anomalies in user behavior.
Red Team β Simulates attacks to test defenses.
Blue Team β Defends against simulated attacks.
Purple Team β Collaborates between Red and Blue teams.
Security Awareness Training β Educates users on threats and safe practices.
Patch Management β Regularly updating software to fix vulnerabilities.
Configuration Management β Maintaining secure settings and baselines.
Regulations & Standards
GDPR (General Data Protection Regulation) β EU regulation for data privacy and protection.
HIPAA (Health Insurance Portability and Accountability Act) β U.S. regulation protecting health data.
PCI-DSS (Payment Card Industry Data Security Standard) β Standard for secure handling of credit card data.
SOX (Sarbanes-Oxley Act) β U.S. law aimed at corporate financial transparency.
FISMA (Federal Information Security Management Act) β U.S. law for protecting federal systems.
FERPA (Family Educational Rights and Privacy Act) β U.S. law protecting student education records.
NIST (National Institute of Standards and Technology) β U.S. agency that provides cybersecurity standards.
NIST CSF (Cybersecurity Framework) β Set of guidelines for improving cybersecurity.
NIST 800-53 β Controls for federal information systems.
NIST 800-171 β Standards for protecting controlled unclassified information (CUI).
ISO/IEC 27001 β International standard for information security management systems (ISMS).
ISO/IEC 27002 β Provides guidelines for implementing security controls.
COBIT β Framework for managing and governing enterprise IT.
CIS Controls β Best practices for securing IT systems and data.
CSA CCM (Cloud Controls Matrix) β Framework for securing cloud computing environments.
SOC 2 (System and Organization Controls) β Auditing procedure for service providers.
ITIL (Information Technology Infrastructure Library) β Framework for IT service management.
Basel III β Banking regulation affecting risk management.
GLBA (Gramm-Leach-Bliley Act) β U.S. regulation for financial privacy.
CCPA (California Consumer Privacy Act) β U.S. law giving consumers control over personal data.
NYDFS 500 β New York Department of Financial Services cybersecurity regulation.
CMMC (Cybersecurity Maturity Model Certification) β DoD framework for contractor security.
Cyber Essentials β UK cybersecurity certification scheme.
Red Flag Rules β Requires organizations to detect and prevent identity theft.
Privacy Impact Assessment (PIA) β Analysis of how data is collected, used, and protected.
Risk Register β A document listing identified risks and mitigation strategies.
Audit Trail β A record of system activity.
Due Diligence β Ongoing monitoring to ensure compliance.
Data Classification β Categorizing data based on sensitivity.
Data Retention Policy β Rules for storing and deleting data.
Security Controls Assessment (SCA) β Evaluation of security controls’ effectiveness.
Compliance β Adherence to laws, regulations, and standards.
Governance, Risk, and Compliance (GRC) β Integrated approach to managing risk and ensuring compliance.
Policy Exception β Documented approval to bypass standard policy under specific conditions.
Security Gap Analysis β Comparison between current security posture and desired state.
π₯ Cybersecurity Roles
CISO (Chief Information Security Officer) β Senior executive responsible for security strategy.
Security Analyst β Monitors and analyzes security threats.
Security Engineer β Designs and implements secure network solutions.
Security Architect β Builds comprehensive security structures and models.
Incident Responder β Handles and mitigates security incidents.
Penetration Tester (Ethical Hacker) β Simulates attacks to identify vulnerabilities.
Red Teamer β Tests defenses through simulated attacks.
Blue Teamer β Detects and defends against threats.
Purple Teamer β Facilitates collaboration between red and blue teams.
SOC Analyst β Operates in a Security Operations Center to monitor and respond to threats.
Risk Analyst β Assesses and mitigates risks.
Compliance Officer β Ensures compliance with laws and regulations.
IT Auditor β Evaluates and audits IT systems for compliance and security.
Threat Hunter β Proactively searches for signs of compromise.
Vulnerability Assessor β Identifies and evaluates system vulnerabilities.
IAM Specialist β Manages identity and access controls.
Forensics Analyst β Investigates security breaches and gathers digital evidence.
DevSecOps Engineer β Integrates security into development and operations.
Cloud Security Engineer β Secures cloud platforms and services.
Malware Analyst β Studies malware to understand and neutralize it.
Privacy Officer β Oversees data privacy initiatives and regulations.
Application Security Engineer β Secures software throughout its development lifecycle.
Security Trainer β Educates employees on cybersecurity awareness.
Bug Bounty Hunter β Finds and reports vulnerabilities for rewards.
Security Researcher β Studies emerging threats and technologies.
π Emerging Tech & Concepts
Zero-Day Exploit β A vulnerability exploited before the developer is aware of it.
AI in Cybersecurity β Use of artificial intelligence for threat detection.
Machine Learning (ML) β Enables systems to learn from data and improve detection.
Quantum Cryptography β Uses quantum mechanics to secure data.
Blockchain Security β Applying distributed ledger technology for data integrity.
Homomorphic Encryption β Encrypts data while allowing computations on it.
Confidential Computing β Protects data in use by performing computation in a secure enclave.
Edge Security β Securing devices and data at the edge of networks.
5G Security β Addressing new threats in high-speed mobile networks.
IoT Security β Securing Internet of Things devices and networks.
Supply Chain Attack β Compromising a third-party provider to breach a target.
Deepfake β AI-generated media that can be used for social engineering.
Cyber Resilience β The ability to recover from cyberattacks.
Threat Modeling β Identifying and assessing potential threats during design.
Secure SDLC β Integrating security in the software development life cycle.
Security by Design β Building security into system architecture from the start.
Container Security β Securing applications in containers like Docker.
API Security β Protecting APIs from threats and abuse.
Mobile Security β Securing smartphones and tablets.
BYOD Security β Managing security for employee-owned devices.
Shadow IT β IT systems used without organizational approval.
Deception Technology β Lures attackers into fake environments to detect threats.
Cyber Hygiene β Routine practices for maintaining system health.
Bug Bounty Program β Rewarding ethical hackers for finding vulnerabilities.
Threat Landscape β Overview of current and emerging cyber threats.
Kill Chain β Model describing the stages of a cyberattack.
MITRE ATT&CK β Framework for classifying attacker behaviors and tactics.
Cyber Threat Intelligence (CTI) β Information about threats used to make security decisions.
Digital Risk Protection (DRP) β Monitoring and defending against digital threats.
Security Champion β Developer or team member who promotes security practices.