d1: security principles
adequate security administrative controls artificial intelligence asset authentication authorization availability baseline biometric bot classified or sensitive information confidentiality criticality data integrity encryption general data protection regulation (gdpr) governance health insurance portability and accountability act (hipaa) impact information security risk integrity international organization of standards (iso) internet engineering task force (ietf) likelihood likelihood of occurrence multi-factor authentication national institutes of standards and technology (nist) non-repudiation personally identifiable information (pii) physical controls privacy probability protected health information (phi) qualitative risk analysis quantitative risk analysis risk risk acceptance risk assessment risk avoidance risk management risk management framework risk mitigation risk tolerance risk transference risk treatment security controls sensitivity single-factor authentication state system integrity technical controls threat threat actor threat vector token vulnerability institute of electrical and electronics engineers (ieee)
d2: ir, bc, dr concepts
adverse events breach business continuity (bc) business continuity plan (bcp) business impact analysis (bia) disaster recovery (dr) disaster recovery plan (drp) event exploit incident incident handling or incident response (ir) incident response plan (irp) intrusion security operations center vulnerability zero day
d3: access control concepts
audit crime prevention through environmental design (cpted) defense in depth discretionary access control (dac) encrypt firewalls insider threat iOS layered defense linux log anomaly logging logical access control systems mandatory access control mantrap object physical access controls principle of least privilege privileged account ransomware role-based access control (rbac) rule segregation of duties subject technical controls turnstile unix user provisioning
d4: network security
application programming interface (api) bit broadcast byte cloud computing community cloud de-encapsulation denial-of-service (DoS) domain name service (dns) encapsulation encryption file transfer protocol (ftp) fragment attack hardware hybrid cloud infrastructure as a service (IaaS) internet control message protocol (icmp) internet protocol (IPv4) man-in-the-middle (mitm) microsegmentation oversized packet attack packet payload payment card industry data security standard (pci dss) platform as a service (PaaS) private cloud protocols public cloud simple mail transport protocol (smtp) software software as a service (SaaS) spoofing transport control protocol/internet protocol (tcp/ip) model vlan vpn wlan zenmap zero trust
d5: security operations
application server asymmetric encryption checksum ciphertext classification configuration management cryptanalyst cyptography data loss prevention (dlp) decryption degaussing digital signature egress monitoring encryption encryption system hardening hash function hashing information sharing ingress monitoring message digest operating system patch patch management plaintext records records retention remanence request for change (rfc) security governance social engineering symmetric encryption web server whaling attack