C726 - Cybersecurity Architecture and Engineering
Study online at https://quizlet.com/_6umv22
A multilevel security policy that prohibits processes operating on
behalf of users from writing any data below the level of their *-property
clearance.
The act of representing essential features while hiding the details
abstraction
to reduce complexity.
"A data structure that enumerates the access rights for all active
access control list (ACL)
entities (e.g., users) within a system."
"A two-dimensional matrix with active accessing entities (e.g.,
processes) on one dimension and resources (e.g., files) with
access types (e.g., read, write, and execute) entries in the in- access control matrix
tersecting cells, indicating the access the active entity has to the
corresponding resource."
"The privileges that an activity entity, such as a process, is granted
access rights
to a passive entity, such as a file."
The process by which a group of cybersecurity professionals
makes a determination regarding whether a system meets the
accreditation
minimum risk standards set by the organization for integration into
their enterprise system.
A mechanism used to dynamically control the function of a system
actuator
component.
"The portion of computer primary memory to which a program
or set of programs has access, as determined by the underlying address space
hardware."
"FIPS Standard 197 strong encryption standard, meant to replace
the Data Encryption Standard (DES), which had known vulnera- Advanced Encryption Standard (AES)
bilities."
A person or group of people whose goals are to cause damage to
adversary
the defender's system or mission.
A specification of specific characteristics that would be typical of
adversary model
an adversary that would guide their behavior and attack choices.
"A design process that emphasizes early delivery of simple func-
tionality, significant interaction with customers through feedback,
Agile design
and continuous improvement through quick releases of incremen-
tal upgrades."
"In the context of a speedup cache, aging off is the process of
replacing data that has not been accessed for some specified aging off
period with new, more recently accessed data."
See attack alarm. alarm
"A message sent to a consuming subscriber by an intrusion
detection system that there is strong evidence of an ongoing
alert
attack and any additional information that it has about that attack,
including which attack it is."
An intelligence analysis of evidence that hypothesizes the nature
of a situation that is intentionally different than the traditional or alternative analysis
mainstream interpretation of events.
A type of intrusion detection system that detects attacks by iden-
anomaly detection
tifying deviations from normal behavior.
A discipline with the goal to develop technology that solves com-
plex problems with skill and creativity that rivals that of the human artificial intelligence
brain.
Confidence that a system exhibits a stated set of properties. assurance
"A structured argument based on evidence that a statement about
system properties, particularly regarding cybersecurity and safety, assurance case
is true."
, C726 - Cybersecurity Architecture and Engineering
Study online at https://quizlet.com/_6umv22
Assurance of properties having to do with how cybersecurity com-
ponents interact as opposed to the properties of the components assurance-in-the-large
themselves (sometimes called assurance in-the-small).
Assurance that a cybersecurity component meets a speci-
fied set of cybersecurity security properties. See also assur- assurance-in-the-small
ance-in-the-large.
See public-key cryptography. asymmetric-key cryptography
A sequence of actions intended to have a specified effect favor-
attack
able to an actor that is adversarial to the owners of that system.
"A decision based on accumulated evidence collected by an in-
trusion-detection system that an ongoing attack has reached a
predesignated threshold, which warrants reporting to a human attack alarm
operator engaged in defending the network to investigate and
possibly intervene."
"For a given attack, the determination of the perpetrator." attack attribution
The determination that a given attack activity belongs to a specific
attack classification
attack class.
The ability of a given cybersecurity mechanism or class of mech-
anism to address the attacks in the set of attacks of concern. See attack coverage
also attack space.
The determination that sufficient evidence has accumulated to
attack detection
indicate that an attack is in progress.
A collection of attack trees. See also mission map. attack forest
"Attack steps in an attack sequence, during which the defender
attack interdiction points
has an opportunity to stop the steps before they succeed."
Different classes and quantities of attacks occurring within a sys-
attack load
tem or a model of the system.
Data in a feature that could reveal the existence of an ongoing
attack manifestation
attack.
"The concrete or abstract route that an attack uses to infiltrate a
system, exfiltrate data from a system, and ingress into a system for
attack path
continued control by an attacker, and propagation paths to spread
the attack to other connected systems."
"The degree to which an attack manifestation clearly indicates
the existence of that attack, as distinguished from normal system attack signal
activity or other attacks. See also Signal; Noise floor."
See signature (string). attack signature
The collection of all possible system attack classes and instances
that have been determined to be relevant and of concern to a attack space
defender.
"The speed at which an attack infiltrates, exfiltrates, or propagates.
attack speed
Useful for determining the type and urgency of defense action."
"A discrete attack (leaf attack node in an attack tree) that is one of
a sequence of attack steps, used by an adversary to accomplish attack step
a goal."
The avenues of attack that are available to an attacker by virtue
attack surface
of those avenues being exposed in some manner.
A hierarchical ordering of attacks that groups them by certain
attack taxonomy
characteristics for some stated purpose.
"Attack software written generally to allow someone (often a
novice attacker) to instantiate it by specifying a target and some
attack tool kit
other key parameters, without necessarily understanding how the
attacks themselves work."
, C726 - Cybersecurity Architecture and Engineering
Study online at https://quizlet.com/_6umv22
A goal-directed graph indicating all possible abstract paths that
an adversary might use to achieve their strategic goal. See also attack tree
mission map.
The means by which an attack succeeds in gaining access to a
attack vector
system.
"The speedup practice of storing (caching) the attributes associ-
ated with active entities locally to avoid the delay of retrieving them attribute caching
from an external service, typically over the network."
An access control policy in which the rules are based primarily
on the attributes of users on the system and not on their specific attribute-based access control
identity.
The ability to determine the responsible party for a given action. attribution
"The data records of a system pertaining to essential aspects of
its operation, including the health of the system, its performance, audit logs
and security."
"A process by which an entity proves its identity to another party
authentication
(e.g., authentication required by a user to log in or log on)."
A unique device given to a user as part of the evidence that
allows the user to validate their identity and therefore get access authentication token
to protected data.
"A process by which access between active and passive entities
authorization
on a system is specified, decided, and enforced."
"Real-time cybersecurity dynamic action that is driven entirely
by algorithms at machine speed, without involvement of human autonomic
decision making."
A property that a system will operate in the face of attempts to
availability
stop its operation (known as denial of service [DOS] attacks).
A program aspect allowing an attacker to gain access to a system
by a means other than direct authorization by the system's owners backdoor
and operators.
Firmware typically associated with Intel processors that provides
an interface to hardware services and other devices on the sys- Basic Input/Output System (BIOS)
tem.
The assessment of damage to relevant systems or attributed to
a particular set of actions by the defender or the attacker in an battle damage assessment
attempt to improve their position.
"A type of classification that merely indicates whether an event
sequence is or is not an example of a particular class (e.g., attack binary classifier
event), without determining subclasses."
"A specific subclass of a physical trait or behavior that uniquely
identifies a human. Biometrics can be measured and registered for
human-to-machine authentication with the system. Examples of biometrics
biometrics include fingerprints, retinal scans, and voice patterns.
See also authentication."
"An event that is low probability but very high impact and therefore
black swan (event)
tends to be ignored by most people, to their peril."
A team of system defenders that emulates the behavior of a typical
cybersecurity defense team within a system during some game or
blue team
exercise simulating an attack in order to better prepare a defense.
In contrast to red team (see also red team).
"Software that automates some function such as participating in a
network flooding attack (see also denial of service), or simulating
bot
a human user on social media in an attempt to influence human
opinion. See also botnet."
Study online at https://quizlet.com/_6umv22
A multilevel security policy that prohibits processes operating on
behalf of users from writing any data below the level of their *-property
clearance.
The act of representing essential features while hiding the details
abstraction
to reduce complexity.
"A data structure that enumerates the access rights for all active
access control list (ACL)
entities (e.g., users) within a system."
"A two-dimensional matrix with active accessing entities (e.g.,
processes) on one dimension and resources (e.g., files) with
access types (e.g., read, write, and execute) entries in the in- access control matrix
tersecting cells, indicating the access the active entity has to the
corresponding resource."
"The privileges that an activity entity, such as a process, is granted
access rights
to a passive entity, such as a file."
The process by which a group of cybersecurity professionals
makes a determination regarding whether a system meets the
accreditation
minimum risk standards set by the organization for integration into
their enterprise system.
A mechanism used to dynamically control the function of a system
actuator
component.
"The portion of computer primary memory to which a program
or set of programs has access, as determined by the underlying address space
hardware."
"FIPS Standard 197 strong encryption standard, meant to replace
the Data Encryption Standard (DES), which had known vulnera- Advanced Encryption Standard (AES)
bilities."
A person or group of people whose goals are to cause damage to
adversary
the defender's system or mission.
A specification of specific characteristics that would be typical of
adversary model
an adversary that would guide their behavior and attack choices.
"A design process that emphasizes early delivery of simple func-
tionality, significant interaction with customers through feedback,
Agile design
and continuous improvement through quick releases of incremen-
tal upgrades."
"In the context of a speedup cache, aging off is the process of
replacing data that has not been accessed for some specified aging off
period with new, more recently accessed data."
See attack alarm. alarm
"A message sent to a consuming subscriber by an intrusion
detection system that there is strong evidence of an ongoing
alert
attack and any additional information that it has about that attack,
including which attack it is."
An intelligence analysis of evidence that hypothesizes the nature
of a situation that is intentionally different than the traditional or alternative analysis
mainstream interpretation of events.
A type of intrusion detection system that detects attacks by iden-
anomaly detection
tifying deviations from normal behavior.
A discipline with the goal to develop technology that solves com-
plex problems with skill and creativity that rivals that of the human artificial intelligence
brain.
Confidence that a system exhibits a stated set of properties. assurance
"A structured argument based on evidence that a statement about
system properties, particularly regarding cybersecurity and safety, assurance case
is true."
, C726 - Cybersecurity Architecture and Engineering
Study online at https://quizlet.com/_6umv22
Assurance of properties having to do with how cybersecurity com-
ponents interact as opposed to the properties of the components assurance-in-the-large
themselves (sometimes called assurance in-the-small).
Assurance that a cybersecurity component meets a speci-
fied set of cybersecurity security properties. See also assur- assurance-in-the-small
ance-in-the-large.
See public-key cryptography. asymmetric-key cryptography
A sequence of actions intended to have a specified effect favor-
attack
able to an actor that is adversarial to the owners of that system.
"A decision based on accumulated evidence collected by an in-
trusion-detection system that an ongoing attack has reached a
predesignated threshold, which warrants reporting to a human attack alarm
operator engaged in defending the network to investigate and
possibly intervene."
"For a given attack, the determination of the perpetrator." attack attribution
The determination that a given attack activity belongs to a specific
attack classification
attack class.
The ability of a given cybersecurity mechanism or class of mech-
anism to address the attacks in the set of attacks of concern. See attack coverage
also attack space.
The determination that sufficient evidence has accumulated to
attack detection
indicate that an attack is in progress.
A collection of attack trees. See also mission map. attack forest
"Attack steps in an attack sequence, during which the defender
attack interdiction points
has an opportunity to stop the steps before they succeed."
Different classes and quantities of attacks occurring within a sys-
attack load
tem or a model of the system.
Data in a feature that could reveal the existence of an ongoing
attack manifestation
attack.
"The concrete or abstract route that an attack uses to infiltrate a
system, exfiltrate data from a system, and ingress into a system for
attack path
continued control by an attacker, and propagation paths to spread
the attack to other connected systems."
"The degree to which an attack manifestation clearly indicates
the existence of that attack, as distinguished from normal system attack signal
activity or other attacks. See also Signal; Noise floor."
See signature (string). attack signature
The collection of all possible system attack classes and instances
that have been determined to be relevant and of concern to a attack space
defender.
"The speed at which an attack infiltrates, exfiltrates, or propagates.
attack speed
Useful for determining the type and urgency of defense action."
"A discrete attack (leaf attack node in an attack tree) that is one of
a sequence of attack steps, used by an adversary to accomplish attack step
a goal."
The avenues of attack that are available to an attacker by virtue
attack surface
of those avenues being exposed in some manner.
A hierarchical ordering of attacks that groups them by certain
attack taxonomy
characteristics for some stated purpose.
"Attack software written generally to allow someone (often a
novice attacker) to instantiate it by specifying a target and some
attack tool kit
other key parameters, without necessarily understanding how the
attacks themselves work."
, C726 - Cybersecurity Architecture and Engineering
Study online at https://quizlet.com/_6umv22
A goal-directed graph indicating all possible abstract paths that
an adversary might use to achieve their strategic goal. See also attack tree
mission map.
The means by which an attack succeeds in gaining access to a
attack vector
system.
"The speedup practice of storing (caching) the attributes associ-
ated with active entities locally to avoid the delay of retrieving them attribute caching
from an external service, typically over the network."
An access control policy in which the rules are based primarily
on the attributes of users on the system and not on their specific attribute-based access control
identity.
The ability to determine the responsible party for a given action. attribution
"The data records of a system pertaining to essential aspects of
its operation, including the health of the system, its performance, audit logs
and security."
"A process by which an entity proves its identity to another party
authentication
(e.g., authentication required by a user to log in or log on)."
A unique device given to a user as part of the evidence that
allows the user to validate their identity and therefore get access authentication token
to protected data.
"A process by which access between active and passive entities
authorization
on a system is specified, decided, and enforced."
"Real-time cybersecurity dynamic action that is driven entirely
by algorithms at machine speed, without involvement of human autonomic
decision making."
A property that a system will operate in the face of attempts to
availability
stop its operation (known as denial of service [DOS] attacks).
A program aspect allowing an attacker to gain access to a system
by a means other than direct authorization by the system's owners backdoor
and operators.
Firmware typically associated with Intel processors that provides
an interface to hardware services and other devices on the sys- Basic Input/Output System (BIOS)
tem.
The assessment of damage to relevant systems or attributed to
a particular set of actions by the defender or the attacker in an battle damage assessment
attempt to improve their position.
"A type of classification that merely indicates whether an event
sequence is or is not an example of a particular class (e.g., attack binary classifier
event), without determining subclasses."
"A specific subclass of a physical trait or behavior that uniquely
identifies a human. Biometrics can be measured and registered for
human-to-machine authentication with the system. Examples of biometrics
biometrics include fingerprints, retinal scans, and voice patterns.
See also authentication."
"An event that is low probability but very high impact and therefore
black swan (event)
tends to be ignored by most people, to their peril."
A team of system defenders that emulates the behavior of a typical
cybersecurity defense team within a system during some game or
blue team
exercise simulating an attack in order to better prepare a defense.
In contrast to red team (see also red team).
"Software that automates some function such as participating in a
network flooding attack (see also denial of service), or simulating
bot
a human user on social media in an attempt to influence human
opinion. See also botnet."
