| Concept | Definition | Example |
|---|---|---|
| CIA Triad | Confidentiality, Integrity, Availability | Encryption for confidentiality, checksums for integrity, redundancy for availability |
| Defense in Depth | Multiple layers of security controls | Firewall + IDS + encryption + access controls |
| Principle of Least Privilege | Users get minimum access needed | Database user only gets read access if that's all they need |
| Zero Trust | Never trust, always verify | Continuous authentication and authorization checks |
| Threat Modeling | Identifying potential security threats | STRIDE model: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege |

| Attack | Description | Defense |
|---|---|---|
| SQL Injection | Injecting malicious SQL code | Input validation, parameterized queries, least privilege |
| Cross-Site Scripting (XSS) | Injecting malicious scripts into web pages | Input sanitization, output encoding, CSP headers |
| Cross-Site Request Forgery (CSRF) | Tricking a logged-in user's browser into executing unwanted actions | CSRF tokens, SameSite cookies, Origin header checks |
| Man-in-the-Middle | Intercepting communications | Encryption, certificate validation, VPNs |
| Phishing | Tricking users into revealing sensitive information | Security awareness training, email filtering, MFA |
| Denial of Service (DoS) | Overwhelming systems to deny service | Rate limiting, traffic filtering, redundancy |
| Buffer Overflow | Writing beyond buffer boundaries | Bounds checking, safe coding practices, ASLR |
| Ransomware | Encrypting data and demanding payment | Regular backups, endpoint protection, user training |

| Method | Description | Advantages/Disadvantages |
|---|---|---|
| Passwords | Something you know | Easy to implement, vulnerable to brute force |
| Multi-Factor Authentication (MFA) | Multiple verification factors | More secure, can be inconvenient |
| Biometrics | Something you are (fingerprint, face) | Difficult to forge, privacy concerns |
| Single Sign-On (SSO) | One login for multiple systems | Convenience, centralized control |
| OAuth | Authorization framework | Delegated access, token-based |
| OpenID Connect | Authentication layer on OAuth | Standardized identity, token validation |
| Role-Based Access Control (RBAC) | Permissions based on roles | Scalable, manageable access control |
| Mandatory Access Control (MAC) | System-enforced access control | High security, less flexible |

| Type | Algorithm | Use Case | Key / Output Size |
|---|---|---|---|
| Symmetric Encryption | AES | Data encryption | 128, 192, 256 bits |
| Symmetric Encryption | 3DES | Legacy systems | 112, 168 bits |
| Asymmetric Encryption | RSA | Key exchange, digital signatures | 2048, 3072, 4096 bits |
| Asymmetric Encryption | ECC | Mobile, IoT devices | 256, 384, 521 bits |
| Hash Function | SHA-256 | Integrity verification | 256 bits |
| Hash Function | SHA-3 | Future-proof hashing | 224, 256, 384, 512 bits |
| Hash Function | MD5 | Deprecated | 128 bits |
| Key Exchange | Diffie-Hellman | Secure key exchange | 2048+ bits |

| Technology | Purpose | Implementation |
|---|---|---|
| Firewall | Filter network traffic | Rule-based packet filtering |
| VPN | Secure remote access | IPSec, SSL/TLS tunneling |
| Intrusion Detection System (IDS) | Detect suspicious activity | Signature-based, anomaly-based |
| Intrusion Prevention System (IPS) | Block detected threats | Inline traffic inspection |
| Network Segmentation | Isolate network sections | VLANs, subnetting, microsegmentation |
| SIEM | Security information and event management | Log aggregation, correlation, analysis |
| DMZ | Isolated network for public services | Web servers, email servers |
| Port Security | Control access to network ports | MAC address filtering |

| Protocol | Layer | Purpose | Security Feature |
|---|---|---|---|
| SSL/TLS | Transport | Secure communication | Encryption, authentication |
| IPSec | Network | Secure IP communication | Authentication, encryption, integrity |
| SSH | Application | Secure remote access | Encrypted shell access |
| SFTP | Application | Secure file transfer | SSH-based file transfer |
| HTTPS | Application | Secure web communication | HTTP over TLS |
| WPA3 | Network | Secure WiFi | Individualized data encryption |
| Kerberos | Application | Network authentication | Trusted third-party authentication |
| SAML | Application | Single sign-on | Security assertion markup language |

| Process | Description | Tools |
|---|---|---|
| Vulnerability Scanning | Systematic search for security weaknesses | Nessus, OpenVAS, Qualys |
| Penetration Testing | Simulated attacks to find vulnerabilities | Metasploit, Burp Suite, Nmap |
| Risk Assessment | Evaluate potential security risks | CVSS, DREAD, OCTAVE |
| Asset Management | Track and manage security of assets | CMDB, asset discovery tools |
| Patch Management | Manage software updates and patches | WSUS, Red Hat Satellite, Ansible |
| Security Auditing | Systematic evaluation of security controls | Compliance tools, configuration checkers |

| Phase | Activities | Tools |
|---|---|---|
| Preparation | Develop IR plan, train staff, establish communication | IR plans, communication tools, training materials |
| Identification | Detect and analyze security incidents | SIEM, IDS, forensic tools |
| Containment | Limit the scope of the incident | Network isolation, access controls |
| Eradication | Remove the cause of the incident | Antivirus, patching, system restoration |
| Recovery | Restore systems and services | Backups, system monitoring |
| Lessons Learned | Document and analyze the incident | Documentation, metrics, process improvement |

| Framework | Purpose | Key Components |
|---|---|---|
| NIST Cybersecurity Framework | Manage cybersecurity risks | Identify, Protect, Detect, Respond, Recover |
| ISO 27001 | Information security management | ISMS, risk management, controls |
| COBIT | IT governance and management | Process model, maturity model, metrics |
| PCI DSS | Payment card industry security | Cardholder data protection, network security |
| SOX | Financial reporting accuracy | Internal controls, audit requirements |
| HIPAA | Health information privacy | Privacy rule, security rule, breach notification |
| GDPR | Data protection and privacy | Consent, rights of data subjects, breach reporting |

| Category | Tool | Function |
|---|---|---|
| Network Scanning | Nmap | Port scanning, network discovery |
| Web Application Testing | Burp Suite | Web vulnerability assessment |
| Exploitation Framework | Metasploit | Penetration testing, exploit development |
| Packet Analysis | Wireshark | Network protocol analysis |
| Vulnerability Scanner | Nessus | Automated vulnerability detection |
| Forensic Analysis | Autopsy | Digital forensics and investigation |
| Password Cracking | John the Ripper | Password recovery and testing |
| System Monitoring | Sysmon | System activity monitoring |

| Practice | Description | Implementation |
|---|---|---|
| Input Validation | Validate all user input | Allowlist validation, parameterized queries |
| Output Encoding | Encode data for proper context | HTML encoding, URL encoding |
| Error Handling | Don't leak system information | Generic error messages, logging |
| Authentication | Implement strong authentication | MFA, secure session management |
| Authorization | Verify access rights | Role-based access, principle of least privilege |
| Session Management | Secure session handling | Secure cookies, session timeout |
| Cryptography | Use strong encryption | Standard algorithms, proper key management |
| Secure Configuration | Follow security best practices | Remove default accounts, disable unnecessary services |

| Technology | Application | Security Benefits |
|---|---|---|
| Zero Trust Architecture | Network security model | Continuous verification, micro-segmentation |
| Deception Technology | Attack detection and response | Early detection, attacker engagement |
| Behavioral Analytics | User and entity behavior analysis | Threat detection, anomaly identification |
| Security Orchestration | Automate security operations | Efficiency, consistency, scalability |
| Threat Intelligence | Proactive threat detection | Context, indicators of compromise |
| Blockchain Security | Distributed ledger security | Immutability, transparency, decentralization |
| Cloud Security | Secure cloud environments | Encryption, identity management, compliance |