Cybersecurity Acronyms, Protocols, and Incident Response Essentials

Cybersecurity Essentials: Acronyms, Protocols, and More

COPE: Corporate Owned, Personally Enabled

BYOD: Bring Your Own Device

Cryptography

Asymmetric: DHE, ECC, RSA

Symmetric: AES, DES, IDEA, RC4

Access Control Models

MAC: Mandatory Access Control. Administrators apply the policies; users cannot change permissions at their own discretion.

RBAC: Role-Based Access Control. Access based on a set of predefined rules, not on individual user discretion.

ABAC: Attribute-Based Access Control. Access based on a combination of user, resource, and environmental attributes.

DAC: Discretionary Access Control. The resource owner decides who can access and what they can do.

OSI Model Layers

  1. Physical Layer
  2. Data Link Layer
  3. Network Layer
  4. Transport Layer
  5. Session Layer
  6. Presentation Layer
  7. Application Layer

Authentication Protocols

Kerberos: An authentication protocol designed for secure client-server mutual authentication, suitable for large, distributed environments.

CHAP: Challenge Handshake Authentication Protocol is used for the authentication of a remote user or entity, mainly within PPP connections.

RADIUS: Remote Authentication Dial-In User Service is used for centralized authentication, but it does not inherently provide mutual authentication between clients and servers.

TACACS+: Provides centralized control of access to network devices, but it is not specifically designed for mutual client-server authentication or for minimizing password transmission in the same manner as Kerberos.

RAID Levels

RAID 0: Striping

RAID 1: Mirroring

RAID 5: Distributed parity

RAID 6: Dual parity

RAID 10: Striping of mirrors

Malware Types

Worm: Replicates itself and spreads quickly through the network without user intervention (mitigation: antivirus).

Virus: Activated by a person’s intervention and can spread to other files or through the network (mitigation: antivirus).

Trojan (RAT): Allows remote access and command execution (mitigation: user awareness).

Keylogger: Use antivirus to prevent infection and MFA to reduce the impact of stolen credentials.

Ransomware: Backup solutions are essential for recovery.

Rootkit: Recover by restoring from a backup taken at a known secure point.

Spyware: User awareness and antivirus software.

Security Hardware

Trusted Platform Module (TPM): Chip on the PC to generate and store passwords.

Hardware Security Module (HSM): A large-scale, high-performance device that accelerates cryptographic operations.

Attack Types

Business Email Compromise (BEC): Personalized phishing aimed at CEOs and other executives, requesting money.

Watering Hole Attack: Infecting a trusted website to infect visiting employees.

Other Concepts

Side Loading: Installing third-party apps without modifying the OS the way a jailbreak does.

Tabletop Exercise: A discussion-based simulation of an incident, conducted without physically carrying out the response actions.

SCAP: Security Content Automation Protocol – standardizes threat names from different sources.

Authentication Factors

  • Something you know: password
  • Something you have: smart card
  • Something you are: fingerprint

Incident Response Phases

  • Preparation
  • Detection
  • Analysis
  • Containment
  • Eradication
  • Recovery
  • Lessons learned

Agreement Types

SLA: Service Level Agreement – A contract between an end-user and the company, outlining minimum expected service requirements, quality, availability, and punctuality.

MOU: Memorandum of Understanding – For informal relationships, common objectives, and confidentiality.

MOA: Memorandum of Agreement – Similar to MOU but more formal; parties must accept the objectives. Can be a legal document without legal jargon.

MSA: Master Service Agreement – Legal contract of terms and conditions that governs future transactions, detailed negotiations, and future projects based on this agreement.

SOW: Statement of Work – Specific list of tasks to be performed, how they are done, location, deliveries, and information about the work; used in conjunction with MSA.

NDA: Non-Disclosure Agreement – Confidentiality agreement.

BPA: Business Partner Agreement – Defines the association with a partner: the financial contract, handling of issues, and disaster recovery.

Network Tools

nslookup/dig: Discover DNS information.

Nmap: Identifies ports, device OS, etc.

Wireshark: Packet capturing, filtering, and analysis.

Audit Types

  • Internal
    • Compliance
    • Audit committee
    • Self-assessments
  • External
    • Regulatory
    • Examinations
    • Assessment
    • Independent third-party audit

NAC Authentication

Agent-based NACs use additional software installed on the endpoint to authenticate users, while agentless NACs use network-level protocols to authenticate users.