INVITATION TO CYBERSECURITY 320

rubber ducky attack: an attack that uses a special-purpose USB stick to open a command prompt and quickly execute a series of commands by “typing” at computer speeds (4)

rules of engagement (ROE): a legal document that defines what is allowed and disallowed during a pentest (3)

Safari: Apple’s web browser (2)

salami attack: an attack that accumulates gains over time by taking several small slices (6)

salt: a short random string that is combined with a user’s password before it is hashed (7)

sandbox: a compartmented safe space for testing and exploring (2)

Saudi Aramco attack: a wiperware attack against a Saudi Arabian oil company that destroyed tens of thousands of machines and hard drives in 2012 (4)

Schneier, Bruce: a modern cybersecurity thought leader (7)

Schneier’s law: a principle of cryptography that states anybody can create a cryptosystem that he himself cannot break (7)

SCIF (sensitive compartmented information facility): a specially designed space to contain and isolate classified information (9)

scope of work (SOW): a legal document that outlines the scope of a pentest (3)

script: an interpreted program (2)

script kiddies: unskilled individuals who utilize user-friendly tools and scripts developed by others to hack into computer systems (3)

Secret (S): a United States Department of Defense classification for information that could reasonably be expected to cause serious damage if it was disclosed (8)

secure AI: securing AI technology (2)

security as a process: a principle of cybersecurity that states cybersecurity must permeate all aspects of an organization and be continually monitored and improved (9)

security game: a type of game theoretical game involving an attacker and a defender (6)

security information and event management (SIEM): the process of aggregating logs and analyzing them for suspicious activity (8)

security key: a USB stick that can perform cryptographically-secure authentication (8)

security logs: logs that record information related to user accounts and file accesses (8)

security questions: an authentication token based on answers to personal questions (8)

sequential statements: statements executed one after the other (2)

server: a specialized computer optimized to rapidly process requests for data (2)

server program: a program that listens for incoming network connections (2)