Definitions and pro-tips for the CISSP certification.
An Acceptable Use Policy (AUP) defines the rules and guidelines for appropriate use of an organization’s information assets. It details permitted activities, prohibited behaviors, and consequences for violations, covering areas like internet access, data handling, and device usage to mitigate risk and maintain security.
Access Control defines and enforces policies governing who or what can access specific resources. It’s a fundamental security principle ensuring confidentiality, integrity, and availability. Implementation spans administrative procedures, physical barriers, and technical mechanisms like authentication and authorization protocols.
Asymmetric encryption utilizes a key pair – a public key for encryption and a corresponding private key for decryption. This method eliminates the need for secure key exchange, as the public key can be freely distributed. Algorithms include RSA and ECC, though they are computationally intensive and slower than symmetric methods.
A Business Impact Analysis (BIA) identifies critical business functions and the potential consequences of disruptions to those functions. It determines Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) to guide the development of business continuity and disaster recovery plans, minimizing operational and financial losses.
A Bloom filter is a space-efficient probabilistic data structure used to determine if an element is potentially present in a set. It may return false positives, indicating an element is present when it is not, but will never return false negatives, ensuring absent elements are correctly identified.
A buffer overflow occurs when a program writes data beyond the allocated memory boundary of a buffer. This vulnerability can overwrite adjacent memory locations, causing program crashes, unexpected behavior, or enabling malicious code execution. Exploitation often involves overwriting return addresses on the stack.
A Business Continuity Plan details the strategies and procedures for maintaining essential business functions during and after a disruptive event. It prioritizes operational resilience, focusing on how the organization will continue to operate with reduced resources or altered conditions.
The CIA Triad represents core security principles: Confidentiality ensures data access is limited to authorized users. Integrity guarantees data accuracy and completeness. Availability confirms reliable and timely access to information and resources. These principles form the bedrock of information security programs.
CompTIA is a leading vendor-neutral certification organization providing globally recognized credentials in IT. Their certifications validate foundational skills and knowledge across various domains, including networking, security, and cloud computing, serving as a common entry point for IT professionals.
Cross-Site Scripting (XSS) is a web application vulnerability allowing attackers to inject malicious client-side scripts into web pages viewed by other users. This enables attackers to execute arbitrary code in the user's browser, potentially stealing cookies, hijacking sessions, or defacing websites.
Cryptographic agility refers to a system’s capacity to rapidly and seamlessly transition between different cryptographic algorithms, key lengths, and protocols. This adaptability is crucial for maintaining security in response to evolving threats, algorithm vulnerabilities, and changing regulatory requirements.
Cryptography is the science of secure communication, utilizing mathematical algorithms to protect information confidentiality, integrity, and authenticity. It encompasses encryption, decryption, hashing, and digital signatures. Strong cryptography relies on computational hardness and key management practices.
Discretionary Access Control (DAC) grants resource owners the authority to determine who has access to their data. Permissions are typically managed through access control lists (ACLs) or similar mechanisms, allowing flexible but potentially less secure access management compared to MAC.
Data classification is the process of categorizing information based on its sensitivity, value, and criticality to the organization. This categorization determines the appropriate security controls, handling procedures, and access restrictions applied to protect data from unauthorized disclosure, modification, or destruction.
Data Loss Prevention encompasses technologies and procedures designed to detect and prevent sensitive data from unauthorized disclosure or exfiltration. DLP solutions monitor, inspect, and protect data in use, in motion, and at rest across various endpoints, networks, and cloud environments.
Data remanence refers to the residual data that remains on a storage device after standard deletion or formatting. This remaining data can be recovered through forensic techniques. Understanding its persistence is crucial for secure data disposal and preventing unauthorized access to sensitive information.
Defense in Depth is a security approach employing multiple, overlapping security controls to protect an organization’s assets. These controls span physical, technical, and administrative domains, creating redundancy and mitigating the impact of any single control failure. It’s a fundamental security principle.
Denial of Service (DoS) attacks exploit vulnerabilities to render a computer or network resource unavailable to legitimate users. These attacks achieve disruption by flooding the target with malicious traffic, exceeding its capacity to respond, or by exploiting system weaknesses to cause crashes or lockups.
A digital signature provides authentication, integrity, and non-repudiation for electronic messages. It’s created by applying a cryptographic hash function to the message, then encrypting the resulting hash with the sender’s private key. Recipients verify the signature using the sender’s public key.
A Disaster Recovery Plan (DRP) outlines the procedures and resources required to restore IT infrastructure and critical data following a disruptive event. It focuses on technical recovery, including data backups, system restoration, and network failover, aiming to minimize downtime and data loss.
Due Care represents the level of responsibility and caution a prudent individual would exercise under similar circumstances to prevent foreseeable harm. It involves proactively implementing reasonable security controls and safeguards to protect assets and mitigate risks, demonstrating responsible behavior.
Due Diligence involves conducting thorough investigations and research to gather sufficient information before making decisions or taking actions. It demonstrates a reasonable effort to understand potential risks and liabilities, ensuring informed choices are made regarding security and compliance.
Endpoint Detection and Response (EDR) systems continuously monitor endpoints for malicious activity, collecting and analyzing data to identify threats. EDR provides capabilities for threat hunting, incident investigation, and automated response actions, exceeding the capabilities of traditional signature-based antivirus solutions.
Federated Identity allows users to utilize a single identity across multiple, independent organizations. This is achieved through trust relationships and standardized protocols like SAML, OAuth, and OpenID Connect, enabling seamless access to resources without requiring separate credentials for each service provider.
A Firewall is a network security system controlling network traffic based on a defined set of rules. It examines incoming and outgoing packets, blocking or allowing them based on source/destination IP addresses, ports, and protocols, acting as a barrier between trusted and untrusted networks.
Forward Secrecy is a cryptographic property guaranteeing that the compromise of a long-term private key does not compromise the confidentiality of past communications. It's achieved by generating unique, ephemeral session keys for each communication session, preventing retroactive decryption of intercepted data.
Governance encompasses the strategic direction, policies, and processes used to ensure an organization’s IT systems support business objectives. It establishes accountability, defines roles and responsibilities, and provides a framework for decision-making regarding IT investments and risk management.
Grammar-Based Access Control (GBAC) is an attribute-based access control model utilizing a formal grammar to define security policies. It enables dynamic and flexible access control based on user, resource, and environmental attributes, surpassing the limitations of traditional discretionary or mandatory access control.
A Guideline provides recommended best practices for security, offering flexible advice rather than strict mandates. It suggests a preferred approach but allows for alternative solutions based on organizational context and risk tolerance. Guidelines support policies but do not enforce specific implementations.
Hashing is a one-way cryptographic process that transforms data of any size into a fixed-size value, known as a hash value or digest. This function ensures data integrity by detecting any alterations to the original data, as even a minor change results in a significantly different hash.
Incident Response is a structured process for identifying, containing, eradicating, and recovering from security incidents. It involves predefined procedures, roles, and communication channels to minimize damage, restore normal operations, and prevent future occurrences, often following the NIST framework.
An Intrusion Detection System (IDS) passively monitors network traffic and system activity for malicious events, policy violations, and security breaches. It analyzes data against a database of known signatures and anomalies, generating alerts when suspicious activity is detected, but does not actively block it.
An Intrusion Prevention System (IPS) is a network security device that actively monitors for malicious activity, analyzes network traffic, and automatically takes preventative measures to block or mitigate identified threats. It operates in-line to inspect traffic and enforce security policies in real-time.
Kerberos is a network authentication protocol utilizing secret-key cryptography. It employs tickets and a trusted Key Distribution Center (KDC) to verify user and service identities, providing strong authentication for network services without transmitting passwords in plaintext. It’s a default for many Microsoft Active Directory environments.
Lateral movement is a post-exploitation technique used by attackers to navigate through a compromised network. After gaining initial access, attackers move between systems, escalating privileges and seeking valuable data or critical assets, often leveraging stolen credentials or exploiting vulnerabilities.
Least Astonishment is a usability principle dictating that a system’s behavior should align with user expectations. This minimizes confusion and errors by ensuring predictable functionality. Consistent interfaces and adherence to established conventions are vital for security and operational efficiency.
Least Privilege is a core security principle limiting user access to only the resources and permissions required for their specific job functions. Implementing this principle minimizes potential damage from compromised accounts or malicious insiders by reducing the attack surface and limiting lateral movement.
Logical access controls govern system and data access based on user identity, authentication, and authorization. These controls utilize software mechanisms to verify credentials and enforce permissions, restricting access to authorized individuals. Effective implementation minimizes unauthorized data disclosure and system compromise.
Mandatory Access Control (MAC) is a highly restrictive access control model where the system, not the user, determines access based on pre-defined security labels and clearances. These labels classify both subjects (users) and objects (data), enforcing strict access rules regardless of user preference.
Malware encompasses malicious software designed to disrupt, damage, or gain unauthorized access to a computer system. This includes viruses, worms, Trojans, ransomware, spyware, and rootkits. Malware can propagate through various vectors, including email attachments, infected websites, and compromised software.
A Man-in-the-Middle (MitM) attack involves an attacker secretly intercepting and potentially altering communication between two unsuspecting parties. The attacker positions themselves as an intermediary, gaining access to sensitive data exchanged during the session, often without detection by either party.
Mean Time Between Failures represents the average time a non-repairable system is predicted to operate before encountering a failure. It’s a key reliability indicator for hardware, calculated by dividing total operational time by the number of failures. Higher MTBF values indicate greater reliability.
Multi-Factor Authentication (MFA) enhances security by requiring users to present evidence from two or more independent authentication factors. These factors typically include something the user knows, possesses, or is – significantly reducing the risk of unauthorized access due to compromised credentials.
Network segmentation divides a network into distinct, isolated segments to limit the blast radius of security incidents. This is achieved through technologies like VLANs, firewalls, and microsegmentation, restricting lateral movement and containing breaches within specific network zones, protecting critical assets.
Non-repudiation ensures that a party cannot deny having performed an action or sent a message. This is achieved through cryptographic techniques like digital signatures, which provide verifiable proof of origin and integrity, and robust audit trails that document all relevant events.
A Nonce, short for 'number used once,' is a random or pseudo-random value included in cryptographic protocols. Its primary purpose is to prevent replay attacks: because each message carries a fresh nonce, a captured message that is transmitted again can be recognized and rejected. Nonces are essential for maintaining cryptographic integrity.
Patch management is a systematic process encompassing identification, acquisition, testing, and deployment of software updates to remediate security vulnerabilities. A comprehensive program minimizes the attack surface by promptly addressing known weaknesses in operating systems, applications, and firmware, reducing exploitation risks.
Penetration Testing is an authorized, simulated cyberattack conducted to evaluate the security posture of a system, network, or application. It involves actively exploiting identified vulnerabilities to determine the extent of potential damage and assess the effectiveness of existing security controls.
Physical access controls restrict unauthorized physical access to sensitive areas, equipment, and data. These measures include barriers like fences and locks, surveillance systems, security personnel, and biometric authentication, protecting assets from theft, damage, and unauthorized manipulation.
Public Key Infrastructure (PKI) is a comprehensive system for managing digital certificates, public and private key pairs, and Certificate Authorities (CAs). It establishes a trusted framework for secure communication and authentication by verifying identities and enabling encrypted data exchange.
A Procedure is a detailed, step-by-step set of instructions designed to consistently execute a specific task or process. It outlines the exact sequence of actions required, ensuring uniformity and reducing errors. Procedures are mandatory and often documented within operational manuals or runbooks.
Qualitative Risk Assessment employs subjective judgment and expert opinion to categorize risks based on their probability and impact, typically using scales like High, Medium, and Low. This method prioritizes risks for further analysis and treatment without requiring precise numerical values.
Quantitative Risk Assessment utilizes numerical analysis to determine the financial impact of potential risks. It calculates Single Loss Expectancy (SLE), Annualized Rate of Occurrence (ARO), and ultimately, Annualized Loss Expectancy (ALE) to provide concrete values for risk prioritization and investment in security controls.
A Rainbow Table is a precomputed table containing hashes for a large set of passwords, used to accelerate password cracking. It exploits the deterministic nature of hashing algorithms. Modern systems mitigate this threat through salting and the use of computationally expensive key derivation functions.
Role-Based Access Control (RBAC) assigns access permissions based on a user’s defined role within an organization. This simplifies access management by granting permissions to roles rather than individual users, improving efficiency and reducing administrative overhead while maintaining security.
Reverse engineering is the analytical process of deconstructing a system, component, or software to reveal its design, architecture, and functionality. This often involves analyzing code, hardware, or protocols to understand how something works, typically without access to original documentation.
Risk Management is a systematic process for identifying potential threats and vulnerabilities, assessing their likelihood and impact, and implementing controls to mitigate unacceptable risk. It’s an ongoing cycle of assessment, response, and monitoring to protect organizational assets and achieve objectives.
A rootkit is a malicious software suite designed to conceal its existence and maintain persistent, privileged access to a computer system. It operates by modifying core system files, processes, and APIs, making detection extremely difficult and enabling long-term control by an attacker.
Recovery Point Objective specifies the maximum acceptable data loss measured in time. It determines how frequently data backups must occur to prevent exceeding the defined loss threshold. A shorter RPO implies more frequent backups and potentially higher storage costs, ensuring minimal data loss.
Recovery Time Objective defines the maximum acceptable length of time an organization can tolerate business process disruption following an incident. It’s a critical metric for business continuity and disaster recovery planning, directly impacting revenue and reputation. RTO drives the selection of recovery strategies.
A Security Policy is a high-level document outlining an organization’s commitment to protecting its information assets. It establishes mandatory rules and guidelines for all users and stakeholders, defining acceptable behavior and expectations regarding confidentiality, integrity, and availability. Policies are approved by management.
Separation of Duties (SoD) is a fundamental internal control principle that divides critical tasks among multiple individuals. This prevents any single person from having complete control over a sensitive process, mitigating the risk of fraud, errors, and malicious activity through collusion or abuse of privilege.
Side-channel attacks exploit implementation details of a cryptographic system to extract secret information. These attacks analyze physical characteristics like power consumption, timing, electromagnetic radiation, or sound to deduce cryptographic keys or internal states, bypassing the algorithm's mathematical strength.
Social Engineering exploits human psychology to manipulate individuals into performing actions or divulging confidential information. Attackers leverage trust, fear, or helpfulness to bypass security measures, often targeting vulnerabilities in human behavior rather than technical systems.
SQL Injection is a web security vulnerability that enables attackers to interfere with the queries that an application makes to its database. By inserting malicious SQL code into input fields, attackers can bypass security measures, access sensitive data, modify database content, or even execute administrative commands.
Single Sign-On (SSO) centralizes authentication, enabling users to access multiple applications with one set of credentials. It streamlines user access and improves efficiency by eliminating the need to remember and manage numerous usernames and passwords, enhancing security through centralized policy enforcement.
A Standard is a specific, mandatory requirement defining precise configurations for hardware, software, or controls. It dictates *how* a policy is implemented, leaving no room for deviation. Compliance is typically verifiable through audits and assessments, ensuring consistent application across an organization.
Symmetric encryption employs a single, secret key for both data encryption and decryption processes. Algorithms like AES and DES offer high speeds, making them efficient for encrypting large volumes of data. However, secure key exchange remains a significant challenge with this method, requiring a trusted channel.
System hardening is a proactive security process that reduces a system’s attack surface by eliminating unnecessary services, ports, and software. This includes implementing strong configuration settings, applying security patches, and enforcing access controls to minimize vulnerabilities and potential entry points for attackers.
Threat Modeling proactively identifies and categorizes potential security threats to an asset. This process analyzes system architecture, data flows, and potential vulnerabilities to determine the likelihood and impact of exploitation. Results inform risk mitigation strategies and prioritize security investments.
Tokenization is a data security process replacing sensitive data with a non-sensitive surrogate value, called a token. This reduces the risk associated with storing and transmitting sensitive information, such as credit card numbers or Personally Identifiable Information (PII). Tokens have no extrinsic or exploitable meaning.
A Vulnerability Assessment systematically identifies, quantifies, and prioritizes security weaknesses within a system, network, or application. This process utilizes automated tools and manual techniques to discover vulnerabilities, assessing their potential impact and likelihood of exploitation to inform remediation efforts.
A Zero-Day Exploit leverages a software or hardware vulnerability unknown to the vendor and for which no patch exists. These attacks are highly critical due to the lack of available defenses, allowing attackers to compromise systems before mitigation is possible. Rapid detection and response are essential.