100 Cybersecurity Terms Flashcards Simplified for You
Made by Smart Teacher Platform
Set 1: Fundamentals
SIEM
Security Information and Event Management
CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
This is ensuring that only authorized people have access to data.
Integrity
This is keeping data accurate, complete and unaltered.
Availability
This is the principle that ensures systems and data are accessible when needed.
Assets
These are important resources, e.g. data, hardware, network devices and systems, that are valuable to an organization.
Vulnerability
Weakness in a system that can be exploited by cybercriminals.
Exploit
This is taking advantage of a vulnerability or flaw in a network system to penetrate or attack it.
Threat
This is an activity intended to compromise the security of information or a system by altering the availability, integrity, or confidentiality of a system.
Risk
Risk is the potential for loss, harm, or adverse consequences resulting from an uncertain event.
Control
A security measure used to reduce risk and protect systems.
Authentication
This is the process in cyber security that verifies the identity of users, devices, or systems before granting access to resources.
Authorization
This is the process of determining whether a user has the right to access a specific resource or perform a particular action
Non-repudiation
This is the proof that someone performed an action (e.g., digital signatures).
Encryption
The process of converting plain text (readable data) into ciphertext (unreadable code) to protect information from unauthorized access.
Decryption
The process of converting encrypted data (ciphertext) back into its original, readable form (plaintext).
Hashing
The process of transforming data into a fixed-length value that is used for integrity.
Firewall
This is a network security system that controls network traffic.
IDS
An IDS (Intrusion Detection System) observes network traffic for malicious transactions and sends immediate alerts when they are observed.
IPS
An Intrusion Prevention System (IPS) is a network security device or software application that monitors network traffic and takes automated actions to prevent potential threats and unauthorized access.
SOC
A Security Operations Center is a centralized unit that monitors, detects, analyzes and responds to cyber threats.
Blue Team
This is the group responsible for defending an organization’s networks and systems from attacks
Red Team
The red team is made up of offensive security experts who try to attack an organization’s cybersecurity defenses.
Purple Team
The combination of the Red Team and the Blue Team working together.
Zero Trust
This is a cybersecurity strategy that requires strict identity verification for every user and device attempting to access resources, regardless of their location within or outside the network.
Set 2: Networking & Cloud
Network
A group of connected devices sharing resources
LAN
Local Area Network; network within a small area
WAN
Wide Area Network; network across large geographic areas
VPN
Virtual Private Network; encrypts traffic between user and internet
Proxy Server
Intermediary between user and internet, adds anonymity
Port
Logical endpoint for communication (e.g., 80 = HTTP)
IP Address
Unique number identifying a device on a network
MAC Address
Hardware identifier for network devices
OSI Model
7-layer model describing network communication
TCP/IP
Protocol suite for internet communication
DNS
Domain Name System; translates domain names to IP addresses
DHCP
Protocol that assigns IP addresses dynamically
Cloud Computing
Delivering services over the internet
IaaS
Infrastructure as a Service (servers, networking)
PaaS
Platform as a Service (tools for developers)
SaaS
Software as a Service (apps like Gmail, Zoom).
Hyper-V
Microsoft virtualization platform
VMware
Popular virtualization software
Virtual Machine (VM)
Software-based computer running on a host
Container
Lightweight software package (e.g., Docker)
Zero-Day
Vulnerability unknown to the vendor
Patch
Update that fixes vulnerabilities
DDoS Attack
Overloading a system with traffic to crash it
Man-in-the-Middle (MITM)
Attacker intercepts communication between two parties
Phishing
Fraudulent messages tricking users into revealing info
Set 3: Security Standards & Tools
ISO 27001
Standard for information security management systems
NIST
National Institute of Standards and Technology; publishes cybersecurity frameworks
GDPR
EU regulation protecting personal data
HIPAA
U.S. law protecting health information
PCI DSS
Standard for protecting payment card data.
SOC 2
Security standard for service organizations
Cybersecurity Framework (CSF)
NIST’s guidelines for managing risk
SIEM
Security Information and Event Management; aggregates and analyzes logs
Logs
Records of system events and activities
Events
Notable occurrences in logs (suspicious or normal)
Incident
Confirmed security breach or policy violation
Incident Response Plan
Steps to detect, respond, recover from attacks
Business Continuity
Ensuring operations continue during disruption
Disaster Recovery
Restoring IT systems after a disaster
Backup
Copy of data for recovery
Malware
Malicious software designed to harm systems
Ransomware
Malware that locks files until ransom is paid
Trojan Horse
Malware disguised as legitimate software
Worm
Malware that self-replicates across networks
Rootkit
Malware that hides its presence on a system
Spyware
Malware that secretly gathers user info
Adware
Software that shows unwanted ads
Keylogger
Tool that records keystrokes
MITRE ATT&CK
Framework for understanding attacker tactics
Penetration Testing
Authorized simulated cyberattack