<!DOCTYPE html>
<html lang="en">
<head>
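<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- NOTE(review): the "β", "Β·" and "βΆ" glyphs that appear in the title and body text look like
     mis-decoded multi-byte UTF-8 punctuation (dash, middle dot, triangle) rather than intended
     characters - confirm the encoding of the source file before editing any of them. -->
<title>SECURITY+ // Classified Reference Dossier β All 5 Domains</title>
<!-- Typefaces come from Google Fonts. The stylesheet is served by fonts.googleapis.com and the
     font files it references are served from fonts.gstatic.com, so both origins get a preconnect
     hint; font fetches are CORS requests, hence the crossorigin attribute on the second one.
     Subresource Integrity is not applicable to this stylesheet: the CSS response varies by user
     agent, so no stable hash exists. The page therefore trusts that origin for styling on every
     load, and every visit makes a third-party request. -->
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Special+Elite&family=Courier+Prime:ital,wght@0,400;0,700;1,400&family=Bebas+Neue&display=swap" rel="stylesheet">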
<style>
/* Global reset plus the colour/typography tokens for the "paper dossier" look.
   --paper* are page backgrounds, --ink* are text tones, --rule* are hairline colours. */
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
:root {
--paper: #f2ead8; --paper2: #ede4ce; --paper3: #e6dcc4;
--ink: #1a1208; --ink2: #3d2f1a; --ink3: #6b5840; --ink4: #9a8a72;
--red: #c0392b; --red2: #922b21; --red-dim: rgba(192,57,43,0.12);
--blue: #1a3a5c; --blue2: #2c5282; --blue-dim: rgba(26,58,92,0.1);
--green: #1a4a2a; --purple: #4a1a6a; --orange: #8b4513;
--rule: rgba(26,18,8,0.15); --rule2: rgba(26,18,8,0.3);
--mono: 'Courier Prime', monospace;
--type: 'Special Elite', cursive;
--display: 'Bebas Neue', sans-serif;
--shadow-lg: 4px 6px 20px rgba(0,0,0,0.2);
}
/* Page background: two soft radial highlights over a tan base. */
html { scroll-behavior: smooth; }
body {
background: #c8b99a;
background-image: radial-gradient(ellipse at 30% 10%,#d4c5a8 0%,transparent 60%),
radial-gradient(ellipse at 70% 90%,#baa888 0%,transparent 60%);
color: var(--ink); font-family: var(--mono); font-size: 13px;
line-height: 1.7; min-height: 100vh; padding: 30px 20px 60px;
}
/* Fixed full-viewport grain overlay built from an inline SVG feTurbulence filter.
   pointer-events:none keeps it out of hit-testing so it never intercepts clicks. */
body::before {
content: ''; position: fixed; inset: 0;
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='300' height='300'%3E%3Cfilter id='n'%3E%3CfeTurbulence type='fractalNoise' baseFrequency='0.9' numOctaves='4' stitchTiles='stitch'/%3E%3CfeColorMatrix type='saturate' values='0'/%3E%3C/filter%3E%3Crect width='300' height='300' filter='url(%23n)' opacity='0.04'/%3E%3C/svg%3E");
pointer-events: none; z-index: 0; opacity: 0.6;
}
/* Dossier container and its paper textures: stacked offset shadows, edge shading (::before),
   ruled lines (::after) and a red margin line (.dossier-inner::before). All are non-interactive. */
.shell { position: relative; z-index: 1; max-width: 1100px; margin: 0 auto; }
.dossier {
background: var(--paper);
box-shadow: var(--shadow-lg), 8px 8px 0 #b0a088, 16px 16px 0 #a09070;
border: 1px solid var(--ink4); position: relative; overflow: hidden;
}
.dossier::before {
content: ''; position: absolute; inset: 0;
background: linear-gradient(to right,rgba(0,0,0,0.04) 0%,transparent 2%,transparent 98%,rgba(0,0,0,0.04) 100%),
linear-gradient(to bottom,rgba(0,0,0,0.02) 0%,transparent 3%,transparent 97%,rgba(0,0,0,0.04) 100%);
pointer-events: none; z-index: 0;
}
.dossier::after {
content: ''; position: absolute; inset: 0;
background-image: repeating-linear-gradient(to bottom,transparent,transparent 27px,rgba(26,18,8,0.06) 27px,rgba(26,18,8,0.06) 28px);
background-position: 0 60px; pointer-events: none; z-index: 0;
}
.dossier-inner { position: relative; z-index: 1; }
.dossier-inner::before {
content: ''; position: absolute; left: 96px; top: 0; bottom: 0;
width: 1px; background: rgba(192,57,43,0.22); pointer-events: none; z-index: 0;
}
/* Header: classification stamp, metadata strip, display title, intro paragraph and the faint
   rotated watermark (opacity 0.06, user-select:none - purely decorative). */
.hdr { padding: 40px 50px 32px; border-bottom: 3px double var(--rule2); position: relative; z-index: 1; }
.classification-stamp {
font-family: var(--display); font-size: 13px; letter-spacing: 0.3em; color: var(--red);
border: 2.5px solid var(--red); display: inline-block; padding: 4px 16px;
margin-bottom: 20px; transform: rotate(-1.5deg); opacity: 0.85;
box-shadow: inset 0 0 0 1px rgba(192,57,43,0.2);
}
.doc-meta { font-family: var(--mono); font-size: 10px; color: var(--ink3); letter-spacing: 0.08em; margin-bottom: 16px; display: flex; gap: 24px; flex-wrap: wrap; }
.doc-meta strong { color: var(--ink2); }
.hdr-title { font-family: var(--display); font-size: clamp(36px,6vw,80px); line-height: 0.95; letter-spacing: 0.04em; color: var(--ink); margin-bottom: 12px; }
.hdr-title em { color: var(--red2); font-style: normal; }
.hdr-sub { font-family: var(--type); font-size: 13px; color: var(--ink2); max-width: 620px; line-height: 1.8; border-left: 3px solid var(--ink4); padding-left: 16px; margin-top: 16px; }
.watermark { position: absolute; top: 50%; right: 40px; transform: translateY(-50%) rotate(-20deg); font-family: var(--display); font-size: 80px; color: var(--red); opacity: 0.06; pointer-events: none; letter-spacing: 0.1em; user-select: none; z-index: 0; }
/* Search + domain-filter bar. The "QUERY:" prefix is a CSS pseudo-element, so it is visual
   only and does not give the input an accessible name. */
.controls-bar { padding: 16px 50px; border-bottom: 1px solid var(--rule); background: var(--paper2); display: flex; gap: 12px; flex-wrap: wrap; align-items: center; }
.search-wrap { flex: 1; min-width: 240px; position: relative; }
.search-wrap::before { content: 'QUERY:'; position: absolute; left: 12px; top: 50%; transform: translateY(-50%); font-family: var(--mono); font-size: 9px; font-weight: 700; color: var(--ink3); letter-spacing: 0.1em; pointer-events: none; z-index: 1; }
.search-wrap input { width: 100%; background: transparent; border: 1px solid var(--rule2); border-bottom: 2px solid var(--ink3); color: var(--ink); font-family: var(--mono); font-size: 12px; padding: 9px 12px 9px 62px; outline: none; transition: border-color 0.15s; letter-spacing: 0.04em; }
.search-wrap input::placeholder { color: var(--ink4); font-style: italic; }
/* outline:none above is compensated by this focus style (bottom border turns red). */
.search-wrap input:focus { border-bottom-color: var(--red); }
/* Filter buttons; the active one takes its domain colour keyed off data-filter. */
.filter-row { display: flex; gap: 8px; flex-wrap: wrap; }
.fbtn { background: transparent; border: 1px solid var(--ink4); color: var(--ink2); font-family: var(--display); font-size: 11px; letter-spacing: 0.12em; padding: 8px 14px; cursor: pointer; transition: background 0.15s,color 0.15s,border-color 0.15s; white-space: nowrap; }
.fbtn:hover { border-color: var(--ink2); color: var(--ink); }
.fbtn.active { background: var(--ink); color: var(--paper); border-color: var(--ink); }
.fbtn[data-filter="d1"].active { background: var(--red2); border-color: var(--red2); }
.fbtn[data-filter="d2"].active { background: var(--blue); border-color: var(--blue); }
.fbtn[data-filter="d3"].active { background: var(--green); border-color: var(--green); }
.fbtn[data-filter="d4"].active { background: var(--purple); border-color: var(--purple); }
.fbtn[data-filter="d5"].active { background: var(--orange); border-color: var(--orange); }
/* Counter strip (numbers are placeholders in the markup; presumably filled by script). */
.stats-row { padding: 10px 50px; border-bottom: 1px solid var(--rule); display: flex; gap: 32px; flex-wrap: wrap; background: var(--paper3); }
.stat { font-family: var(--mono); font-size: 10px; color: var(--ink3); letter-spacing: 0.08em; display: flex; align-items: center; gap: 8px; }
.stat strong { font-family: var(--display); font-size: 18px; color: var(--ink); letter-spacing: 0.05em; }
/* Domain sections: header band coloured via data-color, then collapsible subsections.
   .subsection.open is the only thing that shows .sub-body (display:none otherwise). */
.domain-section { padding: 0 50px; border-bottom: 2px solid var(--rule); }
.domain-hdr { padding: 20px 0 16px; display: flex; align-items: baseline; gap: 16px; border-bottom: 1px solid var(--rule); }
.domain-num { font-family: var(--display); font-size: 11px; color: var(--paper); padding: 2px 10px; letter-spacing: 0.2em; }
.domain-hdr[data-color="red"] .domain-num { background: var(--red2); }
.domain-hdr[data-color="blue"] .domain-num { background: var(--blue); }
.domain-hdr[data-color="green"] .domain-num { background: var(--green); }
.domain-hdr[data-color="purple"] .domain-num { background: var(--purple); }
.domain-hdr[data-color="orange"] .domain-num { background: var(--orange); }
.domain-title { font-family: var(--display); font-size: 18px; letter-spacing: 0.15em; color: var(--ink); }
.domain-sub { font-family: var(--mono); font-size: 9px; color: var(--ink4); letter-spacing: 0.08em; text-transform: uppercase; margin-left: auto; }
.subsection { border-bottom: 1px dashed var(--rule); }
.sub-hdr { padding: 14px 0 12px; display: flex; align-items: center; gap: 12px; cursor: pointer; user-select: none; border-bottom: 1px solid var(--rule); }
.sub-hdr:hover .sub-title { color: var(--red2); }
.sub-bullet { width: 8px; height: 8px; border: 2px solid var(--ink2); transform: rotate(45deg); flex-shrink: 0; transition: background 0.15s; }
.subsection.open .sub-bullet { background: var(--ink2); }
.sub-title { font-family: var(--display); font-size: 13px; letter-spacing: 0.18em; color: var(--ink2); transition: color 0.15s; }
.sub-count { font-family: var(--mono); font-size: 9px; color: var(--ink4); letter-spacing: 0.08em; margin-left: auto; }
.sub-toggle { font-family: var(--mono); font-size: 10px; color: var(--ink4); transition: transform 0.2s; }
.subsection.open .sub-toggle { transform: rotate(90deg); }
.sub-body { display: none; }
.subsection.open .sub-body { display: block; }
/* Term tables. Each term row has a hidden .expand-row after it; .show reveals it and
   tr.expanded tints the term row (both classes appear to be toggled by the page script). */
.tbl-scroll { overflow-x: auto; width: 100%; }
.term-table { width: 100%; min-width: 500px; border-collapse: collapse; margin: 0; animation: typeIn 0.2s ease; }
@keyframes typeIn { from{opacity:0} to{opacity:1} }
.term-table thead tr { background: var(--paper3); border-bottom: 2px solid var(--rule2); }
.term-table thead th { padding: 10px 14px; text-align: left; font-family: var(--display); font-size: 10px; letter-spacing: 0.25em; color: var(--ink3); font-weight: normal; white-space: nowrap; }
.term-table tbody tr { border-bottom: 1px solid var(--rule); transition: background 0.1s; cursor: pointer; }
.term-table tbody tr:hover { background: rgba(26,18,8,0.04); }
.term-table tbody tr.expanded { background: rgba(26,18,8,0.03); }
.term-table td { padding: 11px 14px; vertical-align: top; line-height: 1.6; }
.td-term { font-family: var(--type); font-size: 13px; color: var(--ink); font-weight: 700; white-space: normal; overflow-wrap: break-word; min-width: 150px; max-width: 200px; }
.td-def { font-family: var(--mono); font-size: 11.5px; color: var(--ink2); }
.td-ex { font-family: var(--type); font-size: 12px; color: var(--ink3); font-style: italic; min-width: 180px; }
.expand-row { display: none; }
.expand-row.show { display: table-row; }
.expand-row td { background: var(--paper2); border-bottom: 2px solid var(--rule2); padding: 0; vertical-align: top; }
.expand-inner { padding: 18px 20px; display: grid; grid-template-columns: 1fr 1fr; gap: 24px; align-items: start; }
.expand-label { font-family: var(--display); font-size: 9px; letter-spacing: 0.3em; color: var(--red2); margin-bottom: 8px; display: flex; align-items: center; gap: 8px; }
.expand-label::after { content: ''; flex: 1; height: 1px; background: var(--rule2); }
.expand-text { font-family: var(--mono); font-size: 11.5px; color: var(--ink2); line-height: 1.8; }
.expand-ex { font-family: var(--type); font-size: 12px; color: var(--ink3); font-style: italic; line-height: 1.8; border-left: 2px solid var(--ink4); padding-left: 12px; }
/* Search-hit highlight (mark elements are not present in the static markup; presumably
   inserted by the search script). */
mark { background: rgba(192,57,43,0.18); color: var(--red2); padding: 1px 2px; }
/* "No results" panel and page footer. */
.empty-state { display: none; padding: 50px; text-align: center; }
.empty-state.show { display: block; }
.empty-state p { font-family: var(--type); font-size: 14px; color: var(--ink3); font-style: italic; }
.doc-footer { padding: 20px 50px; border-top: 3px double var(--rule2); display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 10px; background: var(--paper2); }
.doc-footer p { font-family: var(--mono); font-size: 9px; color: var(--ink4); letter-spacing: 0.08em; }
.footer-stamp { font-family: var(--display); font-size: 11px; letter-spacing: 0.25em; color: var(--red); border: 2px solid var(--red); padding: 3px 10px; opacity: 0.7; transform: rotate(1deg); display: inline-block; }
/* Responsive adjustments: single-column expand panel, tighter padding, example column
   hidden and margin line removed on narrow screens. */
@media (max-width: 900px) { .expand-inner { grid-template-columns: 1fr; } }
@media (max-width: 768px) {
.hdr,.controls-bar,.stats-row,.domain-section { padding-left: 20px; padding-right: 20px; }
.td-ex { display: none; } .dossier-inner::before { display: none; } .hdr-title { font-size: 36px; }
.term-table { min-width: 360px; }
}
@media (max-width: 480px) {
body { padding: 10px; }
.td-def { font-size: 10.5px; } .controls-bar { padding: 12px; gap: 10px; } .stats-row { padding: 8px 12px; gap: 14px 20px; }
}
</style>
</head>
<body>
<div class="shell">
<div class="dossier">
<div class="dossier-inner">
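<div class="hdr">
<!-- Decorative rotated backdrop (CSS gives it opacity 0.06, pointer-events:none and
     user-select:none). aria-hidden keeps assistive technology from reading "CLASSIFIED"
     as if it were page content. -->
<div class="watermark" aria-hidden="true">CLASSIFIED</div>
<div class="classification-stamp">FOR OFFICIAL STUDY USE ONLY</div>
<!-- Metadata strip. #totalCount is a placeholder in the markup; the id suggests the page
     script (not shown here) fills it. -->
<div class="doc-meta">
<span><strong>REF:</strong> COMPTIA-SEC-PLUS-GLO-001</span>
<span><strong>DOMAIN COVERAGE:</strong> 1β5 OF 5</span>
<span><strong>TERMS INDEXED:</strong> <span id="totalCount">β</span></span>
<span><strong>CLEARANCE:</strong> CANDIDATE</span>
</div>
<h1 class="hdr-title"><em>SECURITY+</em><br>REFERENCE DOSSIER</h1>
<!-- The "/" and "Esc" shortcuts described below are implemented by the page script.
     The kbd elements keep their inline style attributes because moving them to a class
     would require a matching rule in the stylesheet; note that inline style attributes
     (like the inline on* handlers elsewhere on the page) are incompatible with a strict
     Content-Security-Policy. -->
<p class="hdr-sub">CompTIA Security+ SY0-701 exam preparation glossary. All 5 domains covered. Click any row to expand full definition and contextual example. Press <kbd style="background:var(--ink);color:var(--paper);padding:1px 5px;font-family:var(--mono);font-size:10px;">/</kbd> to search Β· <kbd style="background:var(--ink);color:var(--paper);padding:1px 5px;font-family:var(--mono);font-size:10px;">Esc</kbd> to clear.</p>
</div>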
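<div class="controls-bar">
<!-- Search box. The visible "QUERY:" prefix is a CSS pseudo-element and the placeholder
     disappears on input, so neither gives the control an accessible name; aria-label
     supplies one without changing the layout. type stays "text" because the script's own
     Esc-to-clear handling could interact with the native clear behaviour of type="search". -->
<div class="search-wrap">
<input type="text" id="searchInput" placeholder="search terms, definitions, examples..." aria-label="Search terms, definitions and examples" autocomplete="off" spellcheck="false">
</div>
<!-- Domain filter buttons. They are not inside a form, but type="button" makes the
     non-submitting intent explicit. The pressed state is conveyed by the .active class;
     aria-pressed is not set here because it would have to be kept in sync by the script. -->
<div class="filter-row" role="group" aria-label="Filter by exam domain">
<button type="button" class="fbtn active" data-filter="all">ALL</button>
<button type="button" class="fbtn" data-filter="d1">D1</button>
<button type="button" class="fbtn" data-filter="d2">D2</button>
<button type="button" class="fbtn" data-filter="d3">D3</button>
<button type="button" class="fbtn" data-filter="d4">D4</button>
<button type="button" class="fbtn" data-filter="d5">D5</button>
</div>
</div>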
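<div class="stats-row">
<!-- Counters. The "β" values are placeholders; the ids suggest the page script writes the
     real numbers. The visible-count stat is a polite live region so that screen-reader users
     hear how many rows remain when a search or filter narrows the table; the region exists in
     the DOM before the script updates it, as live regions require. -->
<div class="stat" aria-live="polite"><strong id="visCount">β</strong> visible</div>
<div class="stat"><strong id="d1count">β</strong> D1 General Security</div>
<div class="stat"><strong id="d2count">β</strong> D2 Threats & Vulns</div>
<div class="stat"><strong id="d3count">β</strong> D3 Architecture</div>
<div class="stat"><strong id="d4count">β</strong> D4 Operations</div>
<div class="stat"><strong id="d5count">β</strong> D5 Governance</div>
</div>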
<!-- DOMAIN 1 -->
<section class="domain-section" data-domain="d1">
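<!-- Domain header band; data-color selects the badge colour in CSS. The title is the
     section heading below the page h1, so it is exposed as a level-2 heading via ARIA.
     A native h2 would be preferable but .domain-title sets no font-weight, and the UA's
     bold default for h2 would synthesize a bold face for the single-weight display font. -->
<div class="domain-hdr" data-color="red">
<div class="domain-num">DOMAIN 01</div>
<div class="domain-title" role="heading" aria-level="2">General Security Concepts</div>
<div class="domain-sub">12% of exam Β· sections 1.1 β 1.4</div>
</div>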
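<div class="subsection open" data-sub="d1s1">
<!-- Subsection toggle. It is a div wired to toggleSub() (defined in the page script, not
     shown here), so role="button" and tabindex="0" put it in the tab order and the keydown
     handler lets Enter/Space activate it exactly as a click does. aria-expanded is deliberately
     not set statically: it would go stale unless toggleSub() updated it. The bullet and arrow
     glyph are decorative and hidden from assistive technology. Inline on* handlers are kept to
     match the rest of the file; they require 'unsafe-inline' (or per-handler hashes) under a
     Content-Security-Policy script-src directive. -->
<div class="sub-hdr" role="button" tabindex="0" onclick="toggleSub(this)" onkeydown="if(event.key==='Enter'||event.key===' '){event.preventDefault();toggleSub(this);}"><div class="sub-bullet" aria-hidden="true"></div><div class="sub-title">1.1 β Security Control Types</div><div class="sub-count"></div><div class="sub-toggle" aria-hidden="true">βΆ</div></div>
<!-- Term table. Column headers carry scope="col" so each cell is associated with its header.
     Every term row is followed by a hidden .expand-row that expand() presumably reveals. The
     rows respond to click only; a delegated keydown handler in the page script would give
     keyboard users the same expansion without touching every row here. -->
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d1"><thead><tr><th scope="col">TERM</th><th scope="col">DEFINITION</th><th scope="col">CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Categories"><td class="td-term">Categories</td><td class="td-def">Broad classifications describing the nature and purpose of security controls: technical, managerial, operational, and physical.</td><td class="td-ex">Controls are categorized as technical, managerial, operational, and physical to streamline implementation.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Broad classifications that describe the nature and purpose of security controls, enabling organized application across different domains of an organization.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Security controls are categorized into technical, managerial, operational, and physical to streamline their implementation and management.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Compensating"><td class="td-term">Compensating</td><td class="td-def">Alternative controls that achieve security goals when primary controls are not feasible due to technical or operational constraints.</td><td class="td-ex">When full encryption is not possible, strong access controls and logging serve as compensating controls.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls that provide an alternative method to achieve security goals when primary controls cannot be implemented due to technical, financial, or operational constraints.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">If an organization cannot implement a complete encryption solution, it might protect sensitive data with compensating controls such as strong access controls and logging.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Control Types"><td class="td-term">Control Types</td><td class="td-def">Categories of security mechanisms: preventive, detective, corrective, deterrent, compensating, and directive.</td><td class="td-ex">Preventive stops threats; detective identifies incidents; corrective restores systems; deterrent discourages attacks.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Categories of security mechanisms designed to mitigate risks, enforce policies, and safeguard systems. Includes preventive, detective, corrective, deterrent, compensating, and directive types.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Organizations use preventive controls to stop threats before they occur, detective controls to identify incidents, and corrective controls to restore systems after a breach.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Corrective"><td class="td-term">Corrective</td><td class="td-def">Controls that respond to and rectify security incidents after they have occurred, including patching and policy updates.</td><td class="td-ex">Post-breach patching of vulnerabilities and updating security protocols are corrective controls.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls activated after an incident to minimize damage, restore operations, and prevent recurrence. Include patch management, system restoration, and policy revisions.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">After a data breach, an organization implements corrective controls such as patching vulnerabilities and updating security protocols to prevent future incidents.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Detective"><td class="td-term">Detective</td><td class="td-def">Controls that identify and alert organizations to security incidents as they occur through monitoring and analysis.</td><td class="td-ex">Intrusion detection systems (IDS) monitor network traffic and alert administrators to suspicious activities.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls that monitor systems and activities to identify security incidents in progress or after the fact. They do not prevent attacks but provide visibility and trigger response.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">IDS monitors network traffic and alerts administrators to suspicious activities, serving as detective controls.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Deterrent"><td class="td-term">Deterrent</td><td class="td-def">Controls designed to discourage individuals from attempting to breach security measures through visible warnings.</td><td class="td-ex">Warning signs about surveillance cameras deter potential intruders from attempting unauthorized access.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls that reduce the likelihood of an attack by discouraging adversaries through visible warnings, legal notices, or security presence. Target attacker psychology.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Warning signs indicating surveillance cameras are in use act as deterrent controls, making potential intruders think twice before attempting to breach security.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Directive"><td class="td-term">Directive</td><td class="td-def">Controls that guide employee behavior through policies, procedures, standards, and training programs.</td><td class="td-ex">A security awareness training program teaching employees to recognize phishing is a directive control.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls that guide behavior through policies, procedures, standards, and training. Establish expectations and required actions rather than technical enforcement.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A security awareness training program that educates employees on phishing attacks serves as a directive control, guiding them on recognizing and responding to security threats.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Managerial"><td class="td-term">Managerial</td><td class="td-def">Controls focusing on managing security policies, procedures, and compliance through organizational practices. Also called administrative controls.</td><td class="td-ex">Security policies and employee training programs are managerial controls ensuring security protocols are followed.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls addressing the human and policy dimension of security. Include risk assessments, security policies, awareness training, and compliance audits. Also called administrative controls.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company's security policy and employee training programs are managerial controls that ensure security protocols are followed.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Operational"><td class="td-term">Operational</td><td class="td-def">Controls involving day-to-day operations and processes executed by people to maintain security.</td><td class="td-ex">Regular security audits and incident response drills are operational controls supporting effective threat response.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls implemented and executed by people as part of ongoing operations. Include security monitoring, patch cycles, change management, and incident response procedures.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Regular security audits and incident response drills are operational controls that help an organization respond effectively to security threats.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Physical"><td class="td-term">Physical</td><td class="td-def">Security measures protecting physical assets and facilities from unauthorized access, theft, or damage.</td><td class="td-ex">Key card access systems and biometric scanners restricting server room entry are physical controls.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls protecting tangible assets, facilities, and personnel from unauthorized physical access, theft, damage, or environmental hazards. Operate independently of digital systems.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Access control systems such as key cards or biometric scanners are physical controls that restrict entry to sensitive areas.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Preventive"><td class="td-term">Preventive</td><td class="td-def">Controls aimed at stopping security incidents before they occur through firewalls, encryption, MFA, and access controls.</td><td class="td-ex">Antivirus software and regular patch management are preventive controls protecting systems from malware.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls that proactively reduce the likelihood or impact of a security incident. Include firewalls, encryption, MFA, access controls, and security hardening.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Installing antivirus software and performing regular updates are preventive controls that help protect systems from malware attacks.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Technical"><td class="td-term">Technical</td><td class="td-def">Security measures using technology to enforce security policies automatically. Also called logical controls.</td><td class="td-ex">Firewalls and TLS encryption are technical controls safeguarding data transmitted over networks.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls (also called logical controls) using technology to enforce security policies automatically. Include firewalls, IDS/IPS, encryption, ACLs, and authentication systems.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Firewalls and encryption are examples of technical controls used to safeguard data during transmission over networks.</div></div></div></td></tr>
</tbody></table></div></div>
</div>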
<div class="subsection" data-sub="d1s2">
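<!-- Subsection toggle for 1.2, wired to toggleSub() in the page script. role="button" and
     tabindex="0" make it reachable by keyboard and the keydown handler mirrors the click for
     Enter/Space; aria-expanded is left off because only toggleSub() could keep it accurate.
     The bullet and arrow glyph are decorative. Inline handlers match the file's existing
     style but need 'unsafe-inline' or hashes under a CSP script-src directive. -->
<div class="sub-hdr" role="button" tabindex="0" onclick="toggleSub(this)" onkeydown="if(event.key==='Enter'||event.key===' '){event.preventDefault();toggleSub(this);}"><div class="sub-bullet" aria-hidden="true"></div><div class="sub-title">1.2 β Fundamental Security Concepts</div><div class="sub-count"></div><div class="sub-toggle" aria-hidden="true">βΆ</div></div>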
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d1"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<!-- Term rows for 1.2. Each clickable row carries its term in data-term (presumably what the
     search script matches on, alongside the cell text) and is followed by a hidden .expand-row
     holding the long definition and example. The rows are left byte-for-byte as written because
     expand() in the page script likely depends on this row/expand-row sibling order; they are
     activated by click only, so keyboard users cannot open them until the script adds a keydown
     path. -->
<tr onclick="expand(this)" data-term="AAA (Authentication Authorization Accounting)"><td class="td-term">AAA</td><td class="td-def">Framework for controlling access: Authentication verifies identity, Authorization grants permissions, Accounting tracks usage.</td><td class="td-ex">A bank uses AAA protocols to ensure only authorized users access accounts and all transactions are logged.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">AAA is the foundational access control framework: Authentication verifies who you are; Authorization determines what you can do; Accounting records what you did. RADIUS and TACACS+ are common AAA protocols.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A bank uses AAA protocols to ensure that only authorized users can access their accounts and that their transactions are logged for audit purposes.</div></div></div></td></tr>
<!-- CIA triad: Availability, Confidentiality, Integrity. -->
<tr onclick="expand(this)" data-term="Availability"><td class="td-term">Availability</td><td class="td-def">Guarantee that systems and data are accessible when needed by authorized users. The 'A' in the CIA triad.</td><td class="td-ex">Redundant servers and off-site backups ensure high availability of services during outages.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The 'A' in the CIA triad. Ensures authorized users can access systems and data when needed. Threatened by DoS attacks, hardware failures, and natural disasters.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Implementing redundant servers and backups ensures high availability of services during outages.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Confidentiality"><td class="td-term">Confidentiality</td><td class="td-def">Principle ensuring sensitive information is not disclosed to unauthorized individuals. The 'C' in the CIA triad.</td><td class="td-ex">Encrypting emails containing personal information maintains confidentiality during transmission.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The 'C' in the CIA triad. Ensures data is accessible only to those with authorized access. Protected through encryption, access controls, data classification, and need-to-know policies.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Encrypting emails to protect personal information is a common practice to maintain confidentiality.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Integrity"><td class="td-term">Integrity</td><td class="td-def">Assurance that data is accurate and unaltered except by authorized users. The 'I' in the CIA triad.</td><td class="td-ex">Hashing files ensures data integrity, allowing users to verify a file has not been modified since creation.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The 'I' in the CIA triad. Ensures data has not been tampered with by unauthorized parties. Protected through cryptographic hashing, digital signatures, checksums, and version control.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Hashing files can ensure data integrity, allowing users to verify that the file has not been modified since its creation.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Non-Repudiation"><td class="td-term">Non-Repudiation</td><td class="td-def">Security principle preventing individuals from denying their actions related to data or transactions.</td><td class="td-ex">Digital signatures provide non-repudiation, proving the sender sent a specific message or transaction.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Ensures the origin of data or a transaction cannot be denied. Achieved through digital signatures, audit logs, and timestamping. Critical for legal admissibility and financial transactions.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Digital signatures provide non-repudiation, allowing the sender to prove that they sent a message or transaction.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Zero Trust"><td class="td-term">Zero Trust</td><td class="td-def">Security model requiring strict identity verification for every access request regardless of network location. "Never trust, always verify."</td><td class="td-ex">In zero-trust environments, all access requests are authenticated and authorized even for internal users.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Operates on "never trust, always verify." Every access request — inside or outside the perimeter — must be authenticated, authorized, and continuously validated against policy. Eliminates implicit trust zones.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">In a zero-trust environment, all access requests must be authenticated and authorized, even for users within the corporate network.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Gap Analysis"><td class="td-term">Gap Analysis</td><td class="td-def">Comparing actual security performance with desired performance to identify discrepancies and improvement areas.</td><td class="td-ex">A company evaluates its cybersecurity measures against industry best practices to identify shortfalls.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A process identifying the difference between an organization's current security posture and a target state. The output is a prioritized remediation roadmap aligned to a framework or regulation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company conducts a gap analysis to evaluate its current cybersecurity measures against industry best practices.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Honeypot"><td class="td-term">Honeypot</td><td class="td-def">A decoy system designed to attract and detect unauthorized access attempts, capturing attacker tools and techniques.</td><td class="td-ex">A honeypot mimics a vulnerable server to monitor attacker behavior and gather threat intelligence.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A purposely vulnerable decoy system that appears to be a legitimate target. Detects unauthorized access, captures attacker tools and techniques, and generates early-warning alerts with zero false-positives.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A honeypot can mimic a vulnerable server to monitor attacker behavior and gather intelligence on security threats.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Honeynet"><td class="td-term">Honeynet</td><td class="td-def">A network of honeypots simulating a real environment to capture a broader range of attack behavior data.</td><td class="td-ex">Security researchers deploy honeynets to study APTs by observing how attackers move across multiple decoy systems.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A controlled network of interconnected honeypots simulating an entire production environment, enabling researchers to observe complete attack kill-chains from initial access through lateral movement.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Security researchers deploy a honeynet to study advanced persistent threats (APTs) by observing how attackers interact with multiple decoy systems.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Honeyfile"><td class="td-term">Honeyfile</td><td class="td-def">A file planted in a system that appears valuable but is designed to alert administrators when accessed.</td><td class="td-ex">A file labeled "Confidential Financial Data" triggers an alert if any user attempts to open it.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A decoy document placed where an attacker would likely access during reconnaissance. Any read, write, or access attempt triggers an alert — zero false-positives since no legitimate use exists.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company might place a honeyfile labeled "Confidential Financial Data" to trigger an alert if someone attempts to open it.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Honeytoken"><td class="td-term">Honeytoken</td><td class="td-def">A piece of data appearing legitimate that serves as a trap to detect unauthorized access or misuse.</td><td class="td-ex">A fake user account (honeytoken) lets security teams monitor unauthorized attempts to use stolen credentials.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Digital decoys — fake credentials, API keys, database records, or email addresses — with no legitimate use. Any attempt to use them is an unambiguous indicator of compromise.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Using a honeytoken, such as a fake user account, allows security teams to monitor unauthorized attempts to access sensitive resources.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Access Badge"><td class="td-term">Access Badge</td><td class="td-def">A physical card containing encoded credentials that authenticates the holder and grants access to controlled physical spaces.</td><td class="td-ex">Employees scan badges at entry points to unlock doors to secure areas within an office.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A physical or smart card containing encoded credentials (magnetic strip, RFID, or smart chip) that authenticates the holder and grants access to controlled physical spaces.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Employees must scan their access badges at entry points to unlock doors and access secure areas within an office.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Access Control Vestibule"><td class="td-term">Access Control Vestibule</td><td class="td-def">An enclosed interlocking door system preventing tailgating. Also called a mantrap.</td><td class="td-ex">Corporate offices use vestibules with security guards to verify identities before allowing entry into secured areas.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">An interlocking door system preventing tailgating. The first door must close and authentication must complete before the second door opens. Also called a mantrap.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Many corporate offices use access control vestibules with security guards to verify identities before allowing entry.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Bollards"><td class="td-term">Bollards</td><td class="td-def">Short, sturdy vertical posts that control vehicle access and protect infrastructure from vehicle-borne attacks.</td><td class="td-ex">Bollards in front of government buildings prevent unauthorized vehicle entry and protect against ramming attacks.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Vehicle access control devices — fixed or removable steel or concrete posts — that prevent unauthorized vehicles from entering a protected area. Protect against vehicle-borne IED attacks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Bollards are often used in front of government buildings to prevent unauthorized vehicle entry and enhance security.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Video Surveillance"><td class="td-term">Video Surveillance</td><td class="td-def">CCTV and IP camera systems providing continuous monitoring, recording, and deterrence.</td><td class="td-ex">Retail stores use video surveillance systems to deter theft and provide evidence of security incidents.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">CCTV and IP camera systems providing continuous monitoring, recording, and deterrence. Modern systems include analytics for automated motion detection, facial recognition, and anomaly alerts.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Retail stores utilize video surveillance systems to deter theft and monitor customer behavior.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
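<div class="subsection" data-sub="d1s3">
<!-- NOTE(review): the header and row toggles below are bound with inline onclick on <div>/<tr>, so they are mouse-only and not reachable from the keyboard. Rendering the toggles as <button>s, or adding keyboard handling and aria-expanded in the script that defines toggleSub()/expand(), would fix that without changing the selectors the CSS relies on. -->
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">1.3 — Change Management & Security Impact</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d1"><thead><tr><th scope="col">TERM</th><th scope="col">DEFINITION</th><th scope="col">CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Allow Lists / Deny Lists"><td class="td-term">Allow / Deny Lists</td><td class="td-def">Allow lists explicitly permit only approved entities; deny lists block known-bad entities.</td><td class="td-ex">An allow list permits only trusted IP addresses to access internal applications, blocking everything else.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Allow lists (whitelists) explicitly permit only approved entities; everything else is denied by default. Deny lists (blacklists) block known-bad entities. Allow lists provide stronger security but require more management.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An organization uses an allow list to permit only trusted IP addresses to access its internal applications, enhancing security.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Backout Plan"><td class="td-term">Backout Plan</td><td class="td-def">A predefined strategy for reversing changes if an implementation fails or causes adverse effects.</td><td class="td-ex">A backout plan restored previous configurations after a new security software deployment caused system instability.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A rollback plan specifying exactly how to restore prior state if a change causes unintended problems. Required component of any change request in a mature change management process.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A backout plan was activated to restore previous configurations after the deployment of a new security software caused system instability.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Maintenance Window"><td class="td-term">Maintenance Window</td><td class="td-def">A pre-approved time period — often nights or weekends — during which changes can be applied with minimal business impact.</td><td class="td-ex">An organization scheduled a weekend maintenance window to apply critical security patches to all servers.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A pre-approved time period — often nights or weekends — during which changes can be applied to systems with minimal business impact. Part of formal change management processes.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The organization scheduled a maintenance window over the weekend to apply critical security patches to all servers.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Standard Operating Procedure (SOP)"><td class="td-term">Standard Operating Procedure</td><td class="td-def">Step-by-step instructions outlining how to perform specific tasks to ensure consistency and quality in operations.</td><td class="td-ex">An SOP for incident response provides detailed steps for detecting, reporting, and addressing security incidents.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Documented, repeatable procedures ensuring tasks are performed consistently and correctly regardless of who executes them. SOPs are essential for incident response, change management, and audit compliance.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An SOP for incident response provides detailed steps for detecting, reporting, and addressing security incidents systematically.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Version Control"><td class="td-term">Version Control</td><td class="td-def">A system tracking changes to documents or code over time, enabling rollback to known-good states and providing audit trails.</td><td class="td-ex">Version control helps teams track changes to security documentation, ensuring everyone uses the most current information.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Systems like Git track changes to code, configuration files, and documentation over time. Enables rollback to known-good states, provides audit trails, and prevents unauthorized or accidental changes.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Version control systems help teams track changes to security documentation, ensuring all team members are working with the most current information.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Impact Analysis"><td class="td-term">Impact Analysis</td><td class="td-def">A systematic assessment of how a proposed change could affect business operations, security posture, and compliance.</td><td class="td-ex">Conducting an impact analysis before implementing new security measures helps ensure minimal disruption to critical operations.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A systematic assessment of how a proposed change could affect business operations, security posture, and compliance. Mandatory before implementing changes that could disrupt critical services.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Conducting an impact analysis before implementing new security measures helps ensure minimal disruption to critical business operations.</div></div></div></td></tr>
</tbody></table></div></div>
</div>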
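<div class="subsection" data-sub="d1s4">
<!-- NOTE(review): the "Digital Signatures" rows describe the RSA-style exam model (a hash "encrypted" with the private key). ECDSA/EdDSA signing is a distinct operation, not encryption, so that wording is a simplification rather than a general definition. -->
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">1.4 — Cryptographic Solutions</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d1"><thead><tr><th scope="col">TERM</th><th scope="col">DEFINITION</th><th scope="col">CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Asymmetric Encryption"><td class="td-term">Asymmetric Encryption</td><td class="td-def">Encryption using a mathematically linked key pair (public/private). Data encrypted with the public key can only be decrypted by the private key.</td><td class="td-ex">Asymmetric encryption allows secure data exchange without sharing private keys, enhancing security.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Uses mathematically linked key pairs: data encrypted with the public key can only be decrypted by the corresponding private key. Slower than symmetric encryption; used for key exchange and digital signatures.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Asymmetric encryption allows for the exchange of secure data without sharing private keys, enhancing security.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Symmetric Encryption"><td class="td-term">Symmetric Encryption</td><td class="td-def">Encryption using the same key for both encryption and decryption. Faster than asymmetric; AES is the standard.</td><td class="td-ex">Symmetric encryption is faster than asymmetric and used for encrypting large amounts of data like files or databases.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Uses a single shared key for both encryption and decryption. Much faster than asymmetric encryption. Key distribution is a challenge — the shared key must be securely exchanged before communication. AES is the standard.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Symmetric encryption is faster and often used for encrypting large amounts of data, such as files or databases.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Hashing"><td class="td-term">Hashing</td><td class="td-def">A one-way mathematical function producing a fixed-length digest of any input. Used for password storage and integrity verification.</td><td class="td-ex">Hashing passwords ensures the actual passwords remain unrecoverable even if the database is compromised.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A one-way mathematical function producing a fixed-length digest of any input. Used for password storage, integrity verification, and digital signatures. Cannot be reversed to obtain the original data.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Hashing passwords ensures that even if the database is compromised, the actual passwords remain secure and unrecoverable.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Salting"><td class="td-term">Salting</td><td class="td-def">Adding a random unique value to each password before hashing to defeat rainbow table and dictionary attacks.</td><td class="td-ex">Salting passwords before hashing prevents attackers from using rainbow tables to crack password hashes.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A random unique value appended to each password before hashing. Ensures that identical passwords produce different hashes, defeating rainbow table and dictionary attacks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Salting passwords before hashing prevents attackers from using rainbow tables to crack password hashes.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Digital Signatures"><td class="td-term">Digital Signatures</td><td class="td-def">Provides authentication, integrity, and non-repudiation by hashing a message and encrypting with the sender's private key.</td><td class="td-ex">Digital signatures confirm an email is from the claimed sender and has not been altered during transmission.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Created by hashing a message and encrypting the hash with the sender's private key. Recipients decrypt with the sender's public key and verify the hash matches. Provides authentication, integrity, and non-repudiation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Digital signatures ensure that an email is from the claimed sender and has not been altered during transmission.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="PKI (Public Key Infrastructure)"><td class="td-term">PKI</td><td class="td-def">The complete system of hardware, software, policies, and procedures that manages digital certificates and public-private key pairs.</td><td class="td-ex">PKI is used in secure email communication, ensuring only intended recipients can decrypt messages.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The complete system of hardware, software, policies, and procedures that manages digital certificates and public-private key pairs. Includes CAs, registration authorities, certificate stores, and revocation mechanisms.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">PKI is used in secure email communication, ensuring that only intended recipients can decrypt messages.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Certificate Authorities (CA)"><td class="td-term">Certificate Authorities</td><td class="td-def">Trusted third parties that issue, sign, and revoke digital certificates in the PKI hierarchy.</td><td class="td-ex">Certificate authorities provide SSL/TLS certificates to websites, enabling secure encrypted connections.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Trusted third parties in the PKI hierarchy that issue, sign, and revoke digital certificates. They validate identity before issuing certificates, establishing chain-of-trust in cryptographic systems.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Certificate authorities, such as Let's Encrypt, provide SSL certificates to websites, enabling secure connections.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Hardware Security Module (HSM)"><td class="td-term">Hardware Security Module</td><td class="td-def">A tamper-resistant hardware device providing secure key generation, storage, and cryptographic operations. Keys never leave in plaintext.</td><td class="td-ex">Financial institutions use HSMs to safeguard sensitive transaction data and cryptographic keys.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A tamper-resistant hardware device providing secure key generation, storage, and cryptographic operations. Keys never leave the HSM in plaintext. Used for PKI roots, code signing, and payment processing.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Financial institutions often use HSMs to safeguard sensitive transaction data and cryptographic keys.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Trusted Platform Module (TPM)"><td class="td-term">Trusted Platform Module</td><td class="td-def">A dedicated microcontroller chip on the motherboard providing hardware-based security: key generation, storage, and platform integrity measurement.</td><td class="td-ex">Computers use TPM to ensure secure boot and provide hardware-based encryption capabilities like BitLocker.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A dedicated microcontroller chip on the motherboard providing hardware-based security functions: secure key generation and storage, platform integrity measurement, and sealed storage tied to platform state.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Computers often use TPM to ensure secure boot and hardware-based encryption capabilities.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Tokenization"><td class="td-term">Tokenization</td><td class="td-def">Substitutes sensitive data with randomly generated tokens stored in a token vault, dramatically reducing data breach impact.</td><td class="td-ex">Tokenization replaces credit card numbers with unique tokens in payment processing, reducing PCI scope.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Substitutes sensitive data values with randomly generated tokens stored in a token vault. The original data is never transmitted or stored in business systems, dramatically reducing data breach impact.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Tokenization is used in payment processing to replace credit card numbers with unique tokens, enhancing security.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Steganography"><td class="td-term">Steganography</td><td class="td-def">Conceals the existence of a message by embedding it within ordinary-looking files (images, audio, video) without altering visible appearance.</td><td class="td-ex">A secret message can be concealed within an image file without altering its visible appearance.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Conceals the existence of a message by embedding it within ordinary-looking files (images, audio, video). Unlike encryption (which hides content), steganography hides the fact that a message exists at all.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Using steganography, a secret message can be concealed within an image file without altering its visible appearance.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Key Stretching"><td class="td-term">Key Stretching</td><td class="td-def">Applies hash functions repeatedly (PBKDF2, bcrypt, Argon2) to a weak key to produce a stronger derived key, slowing brute-force attacks.</td><td class="td-ex">Key stretching makes brute-force attacks harder by increasing the computational time needed to test each key.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Takes a weak key (e.g., a user password) and applies hash functions repeatedly (PBKDF2, bcrypt, Argon2) to produce a stronger derived key. The added computation dramatically slows brute-force attacks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Key stretching makes brute-force attacks more difficult by increasing the time required to test each key candidate.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Full-Disk Encryption"><td class="td-term">Full-Disk Encryption</td><td class="td-def">Encrypts the entire contents of a storage device including OS, applications, and user data. Protects against physical device theft.</td><td class="td-ex">Full-disk encryption on laptops safeguards all data if the device is lost or stolen.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Encrypts the entire contents of a storage device, including the OS, applications, and user data. Data is decrypted on-the-fly during normal use; protects against physical device theft.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Full-disk encryption is commonly used on laptops to safeguard data if the device is lost or stolen.</div></div></div></td></tr>
</tbody></table></div></div>
</div>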
</section>
<!-- DOMAIN 2 -->
<section class="domain-section" data-domain="d2">
<div class="domain-hdr" data-color="blue">
<div class="domain-num">DOMAIN 02</div>
<div class="domain-title">Threats, Vulnerabilities & Mitigations</div>
<div class="domain-sub">22% of exam · sections 2.1 — 2.4</div>
</div>
<div class="subsection" data-sub="d2s1">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">2.1 — Threat Actors & Motivations</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d2"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Nation-State"><td class="td-term">Nation-State</td><td class="td-def">Government-sponsored groups conducting long-term APT campaigns for intelligence collection and geopolitical advantage. Most sophisticated threat actors.</td><td class="td-ex">A nation-state actor orchestrates attacks to steal intellectual property and boost domestic industries.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The most sophisticated and well-resourced threat actors, operating with government backing. Conduct long-term APT campaigns for intelligence collection, critical infrastructure disruption, and geopolitical advantage.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A nation-state actor might orchestrate cyberattacks to steal intellectual property from foreign corporations, aiming to boost domestic industries and gain an economic advantage.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Organized Crime"><td class="td-term">Organized Crime</td><td class="td-def">Professional criminal enterprises with specialized roles: access brokers, ransomware developers, negotiators, and money laundering networks.</td><td class="td-ex">Organized crime syndicates execute ransomware attacks on healthcare providers, demanding hefty ransoms.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Professional criminal enterprises with specialized roles: initial access brokers, ransomware developers, negotiators, and money laundering networks. Financially motivated and increasingly sophisticated.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Organized crime syndicates might execute ransomware attacks on healthcare providers, encrypting patient data and demanding hefty ransoms.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Hacktivist"><td class="td-term">Hacktivist</td><td class="td-def">Politically or socially motivated hackers using DDoS, defacement, and data leaks to advance their cause.</td><td class="td-ex">A hacktivist collective defaces a government website during a political protest to draw public attention.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Politically or socially motivated hackers. Operations include website defacement, DDoS attacks on target organizations, and publication of stolen data to embarrass or expose targets. Anonymous is a well-known example.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A hacktivist collective might deface a government website during a significant political protest, using hacking skills to raise awareness about human rights violations.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Insider Threat"><td class="td-term">Insider Threat</td><td class="td-def">A current or former employee, contractor, or partner who uses authorized access to harm the organization. Bypasses perimeter controls.</td><td class="td-ex">A disgruntled employee steals customer data before leaving the company and plans to sell it to competitors.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Uniquely dangerous because they bypass perimeter controls. Includes malicious insiders (intentional harm), negligent insiders (accidental exposure), and compromised insiders (credentials stolen by external actors).</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A disgruntled employee who feels undervalued may steal sensitive customer data before leaving the company, intending to sell it to competitors.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Unskilled Attacker"><td class="td-term">Unskilled Attacker</td><td class="td-def">Also called script kiddies. Use automated tools that lower the attack barrier, primarily targeting unpatched vulnerabilities.</td><td class="td-ex">An unskilled attacker uses publicly available exploit tools to attack unsecured websites with common CVEs.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Also called script kiddies. Despite low skills, they pose real risk by using automated tools that lower the attack barrier. Primarily target widely known, unpatched vulnerabilities.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An unskilled attacker might employ publicly available tools like Metasploit to exploit common vulnerabilities on unsecured websites without understanding the underlying technology.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Shadow IT"><td class="td-term">Shadow IT</td><td class="td-def">IT systems, devices, or services used by employees without IT department approval, creating security gaps and compliance violations.</td><td class="td-ex">Employees using unapproved cloud storage expose sensitive company data to potential security breaches.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">IT systems, devices, software, or services used by employees without IT department approval. Creates security gaps: data outside organizational controls, compliance violations, and unmanaged vulnerabilities.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Employees may use unapproved cloud storage solutions to share files, exposing sensitive company data to potential breaches.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data Exfiltration"><td class="td-term">Data Exfiltration</td><td class="td-def">The unauthorized movement of data from within an organization to an external destination. A primary objective of many cyberattacks.</td><td class="td-ex">An insider threat secretly copies client lists to a USB drive, planning to sell the data to competitors.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The unauthorized movement of data from within an organization to an external destination. Can be performed via network transfer, physical media, email, or cloud storage. A primary objective of many cyberattacks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An insider threat may exfiltrate sensitive data by secretly copying client lists to a USB drive and planning to sell this information to competitors.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Espionage"><td class="td-term">Espionage</td><td class="td-def">Covert collection of sensitive information from adversaries or competitors through long-term, stealthy APT campaigns.</td><td class="td-ex">A nation-state infiltrates a rival corporation's network to steal trade secrets and gain competitive advantage.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The covert collection of sensitive information from adversaries or competitors. Cyber espionage is conducted through APT campaigns — long-term, stealthy operations targeting high-value intellectual property or government secrets.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A nation-state might engage in cyber espionage to infiltrate a rival corporation's network, stealing trade secrets to gain a competitive edge.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Financial Gain"><td class="td-term">Financial Gain</td><td class="td-def">The most common motivation for cyberattacks, driving ransomware, BEC fraud, credit card theft, and sale of stolen data.</td><td class="td-ex">Organized crime targets financial institutions with phishing schemes to steal account credentials and transfer funds.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The most common motivation for cyberattacks. Includes ransomware, BEC fraud, credit card theft, cryptocurrency mining, and sale of stolen data. Drives the majority of the global cybercrime economy.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Organized crime syndicates often target financial institutions with sophisticated phishing schemes, aiming for financial gain by stealing account credentials.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d2s2">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">2.2 — Threat Vectors & Attack Surfaces</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d2"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Phishing"><td class="td-term">Phishing</td><td class="td-def">Mass social engineering attacks sent to broad audiences. Spear phishing targets specific individuals; whaling targets executives; vishing is via phone.</td><td class="td-ex">A phishing email mimicking a bank deceives users into entering credentials on a fake website.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Mass social engineering attacks sent to broad audiences. Spear phishing targets specific individuals; whaling targets executives; vishing is via phone. The most common initial access vector in data breaches.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A phishing email from a bank can deceive users into entering their login credentials on a fake website, leading to unauthorized access to their accounts.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Vishing"><td class="td-term">Vishing</td><td class="td-def">Voice phishing conducted via phone calls using pretexting, urgency, and authority to manipulate targets into divulging information.</td><td class="td-ex">A vishing call from "tech support" tricks victims into providing remote system access or personal details.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Social engineering conducted via voice calls. Attackers use pretexting, urgency, and authority to manipulate targets. Often targets elderly individuals or employees with access to financial systems.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A vishing call from someone claiming to be from tech support could trick victims into providing access to their systems or personal details.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Smishing"><td class="td-term">Smishing</td><td class="td-def">SMS-based phishing exploiting higher open rates and lower suspicion associated with text messages.</td><td class="td-ex">A smishing message from a fake bank urgently requests account verification via a link to a fraudulent website.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">SMS-based phishing (smishing) exploits the higher open rates and lower suspicion associated with text messages. Often impersonates financial institutions, delivery services, or government agencies to create urgency.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A smishing message appears to come from a financial institution, urgently requesting sensitive data via text to verify account information, leading users to a fraudulent website.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Business Email Compromise (BEC)"><td class="td-term">Business Email Compromise</td><td class="td-def">Sophisticated scam targeting businesses where attackers impersonate executives using spoofed or compromised email accounts. Causes billions in annual losses.</td><td class="td-ex">An attacker impersonates a CEO via email, requesting a wire transfer to a fraudulent account.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A sophisticated scam targeting businesses that regularly perform wire transfers. Attackers impersonate executives or vendors using spoofed or compromised email accounts. BEC causes billions in annual losses globally.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">In a BEC attack, an attacker impersonates a CEO via email and requests a wire transfer to a fraudulent account, exploiting employee trust in executive authority.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Supply Chain Attack"><td class="td-term">Supply Chain Attack</td><td class="td-def">Attacks targeting less-secure elements in a supply chain to compromise the ultimate target through trusted relationships. SolarWinds is the prime example.</td><td class="td-ex">A breach at an MSP exposes its client companies as attackers gain access through a trusted third party.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Attacks targeting less-secure elements in a supply chain — software vendors, hardware manufacturers, service providers — to compromise the ultimate target through trusted relationships. SolarWinds is the prime example.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A breach at a managed service provider (MSP) can expose its client companies to potential security threats as attackers gain access through a trusted third party.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Watering Hole Attack"><td class="td-term">Watering Hole Attack</td><td class="td-def">Attackers compromise a website frequently visited by the intended target to deliver malware to specific visitors.</td><td class="td-ex">Attackers compromise an industry website to infect visitors from a specific target organization with tailored malware.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A targeted attack where adversaries compromise websites known to be frequented by their actual target. Rather than attacking the target directly, they poison a trusted site the target regularly visits.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Attackers might conduct a watering hole attack by compromising an industry-related website, infecting visitors from a specific organization with malware tailored to exploit their systems.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Typosquatting"><td class="td-term">Typosquatting</td><td class="td-def">Registers misspelled or visually similar domain names to intercept users who make typing errors. Also called URL hijacking.</td><td class="td-ex">An attacker registers "goolge.com" hoping users mistype "google.com" and visit the malicious fake site.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Also called URL hijacking. Registers misspelled or visually similar domain names to intercept users who make typing errors. The fake site may steal credentials, serve malware, or conduct phishing attacks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An attacker uses typosquatting by registering a domain like "goolge.com", hoping users mistype "google.com" and visit the fake site, which can steal their login information.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Removable Device (USB Drop)"><td class="td-term">Removable Device (USB Drop)</td><td class="td-def">Physical media used to introduce malware into secure systems. Autorun features can execute malware immediately upon connection.</td><td class="td-ex">A USB stick labeled "Confidential Report" found in a parking lot installs malware when plugged in.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Physical media used to introduce malware into air-gapped or otherwise secure systems. The "USB drop" attack exploits human curiosity. Autorun features can execute malware immediately upon connection.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A USB stick labeled "Confidential Report" is left in a public area. When an unsuspecting user plugs it in, it installs malware that compromises system security.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Default Credentials"><td class="td-term">Default Credentials</td><td class="td-def">Factory-set credentials publicly documented and not changed during deployment. Especially problematic in IoT devices and network equipment.</td><td class="td-ex">IoT devices with unchanged default credentials allow attackers easy access to their settings and capabilities.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Factory-set credentials that are publicly documented and not changed during deployment. Represent low-effort targets for attackers. Especially problematic in IoT devices, network equipment, and cloud services.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Many IoT devices are compromised because users fail to change default credentials, which allows attackers easy access to the devices' settings and capabilities.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d2s3">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">2.3 — Types of Vulnerabilities</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d2"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Zero-Day"><td class="td-term">Zero-Day</td><td class="td-def">A vulnerability unknown to the vendor with no available patch. Highly valued in criminal and nation-state markets.</td><td class="td-ex">Zero-day vulnerabilities allow attackers to exploit systems without fear of detection or patching, causing widespread damage.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A vulnerability unknown to the vendor and/or without an available patch. Attackers who discover or purchase zero-days can exploit them indefinitely until disclosed and patched. Highly valued in criminal and nation-state markets.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Zero-day vulnerabilities pose a significant threat, as attackers can exploit them without fear of immediate detection or patching, leading to potential widespread damage.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="SQL Injection (SQLi)"><td class="td-term">SQL Injection</td><td class="td-def">Injects malicious SQL code through user input fields. Can extract data, bypass authentication, or execute OS commands. Prevention requires parameterized queries.</td><td class="td-ex">An attacker sends malicious SQL commands to a web application, exposing sensitive customer data from the database.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Injects malicious SQL code through user input fields into database queries. Can extract confidential data, modify database records, bypass authentication, or execute OS commands. Prevention requires parameterized queries.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">During a SQL injection attack, an attacker sends malicious SQL commands to a web application, potentially exposing sensitive customer data stored in the database.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Cross-Site Scripting (XSS)"><td class="td-term">Cross-Site Scripting (XSS)</td><td class="td-def">Injects malicious client-side scripts into web pages viewed by other users. Types: reflected, stored, and DOM-based.</td><td class="td-ex">An attacker embeds harmful JavaScript in a webpage; any visitor's browser executes it, potentially stealing their session cookies.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Injects malicious client-side scripts into web pages viewed by other users. Types include reflected (URL-based), stored (persistent in database), and DOM-based XSS. Can steal session cookies, credentials, or redirect users.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An attacker exploits XSS by embedding harmful JavaScript into a web page. The script executes in the browser of any user who visits the page, potentially stealing their data.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Buffer Overflow"><td class="td-term">Buffer Overflow</td><td class="td-def">A program writes more data to a memory buffer than it can hold, overwriting adjacent memory and potentially allowing arbitrary code execution.</td><td class="td-ex">An attacker feeds excessive data into an input field, causing the application to crash or execute malicious code.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Occurs when a program writes more data to a memory buffer than it can hold, overwriting adjacent memory. Can cause crashes or, if exploited precisely, allow an attacker to redirect execution to injected code.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An attacker exploits a buffer overflow by feeding excessive data into an input field, causing the application to crash or execute malicious code.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Misconfiguration"><td class="td-term">Misconfiguration</td><td class="td-def">Incorrect settings in software, networks, or devices. One of the most common vulnerability categories and often the root cause of major breaches.</td><td class="td-ex">A firewall misconfiguration leaves sensitive data accessible to unauthorized users, causing a compliance breach.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">One of the most common vulnerability categories. Includes default credentials left unchanged, unnecessary services enabled, overly permissive access controls, and improperly configured cloud storage. Often the root cause of major breaches.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A firewall misconfiguration leaves sensitive data accessible to unauthorized users, potentially leading to breaches and compliance issues.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="VM Escape"><td class="td-term">VM Escape</td><td class="td-def">Exploits hypervisor vulnerabilities to break out of a VM's isolation boundary, gaining code execution on the host or other VMs.</td><td class="td-ex">A VM escape vulnerability allows an attacker to move from a compromised VM to the host system.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Exploits hypervisor vulnerabilities to break out of a VM's isolation boundary, gaining code execution on the host or other VMs. Considered a critical severity vulnerability in virtualized environments.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A VM escape vulnerability allows an attacker to move from a compromised virtual environment to the host system, compromising sensitive data and applications.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Race Condition / TOCTOU"><td class="td-term">Race Condition / TOCTOU</td><td class="td-def">Vulnerability arising when system behavior depends on the timing of events. Attacker changes state between check (TOC) and use (TOU).</td><td class="td-ex">An attacker alters a file after validity is checked but before it is used, leading to unauthorized actions.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Occur when multiple processes access shared resources concurrently without proper synchronization. In TOCTOU (Time-of-Check Time-of-Use), an attacker changes a resource between when it's verified and when it's used.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An attacker takes advantage of a TOCTOU vulnerability by altering a file after it has been checked for validity but before it is used, leading to unauthorized actions.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="End-of-Life (EOL)"><td class="td-term">End-of-Life (EOL)</td><td class="td-def">The point at which a vendor ceases providing security updates. All vulnerabilities discovered after EOL remain permanently unpatched.</td><td class="td-ex">End-of-life devices are attractive targets because they lack security patches for known vulnerabilities.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The point at which a vendor ceases providing security updates and support for a product. All vulnerabilities discovered after EOL remain permanently unpatched, representing an ever-growing attack surface.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">End-of-life devices are susceptible to exploitation due to the lack of security patches and updates, making them attractive targets for attackers.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d2s4">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">2.4 — Indicators of Malicious Activity</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d2"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="DDoS (Distributed Denial-of-Service)"><td class="td-term">DDoS</td><td class="td-def">Uses a botnet of compromised devices to flood targets with traffic. Types include volumetric, protocol, and application-layer attacks.</td><td class="td-ex">Thousands of compromised devices flood a company's web server with traffic, crashing it and making it inaccessible.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Uses a botnet of compromised devices (zombies) to flood targets with traffic or resource-exhausting requests. Harder to mitigate than single-source DoS. Types include volumetric (bandwidth), protocol, and application-layer attacks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company's website suffers a DDoS attack. Thousands of compromised devices flood the server, crashing it and making it inaccessible to users.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Brute Force"><td class="td-term">Brute Force</td><td class="td-def">Exhaustive search attack trying all possible combinations. Mitigated by MFA, account lockout, and strong passwords.</td><td class="td-ex">A hacker systematically tries thousands of password combinations until successfully gaining admin account access.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Exhaustive search attack trying all possible combinations. Pure brute force tries every possibility; dictionary attacks use word lists; credential stuffing uses known breached passwords. Mitigated by MFA, account lockout, and strong passwords.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A hacker employs a brute force attack on the admin account, systematically trying thousands of password combinations until they successfully gain access.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Malware"><td class="td-term">Malware</td><td class="td-def">Malicious software including viruses, worms, trojans, ransomware, spyware, adware, rootkits, and keyloggers.</td><td class="td-ex">Ransomware encrypts an organization's files and demands payment in cryptocurrency for the decryption key.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Any software intentionally designed to cause disruption, gain unauthorized access, steal data, or hold systems for ransom. Categories include viruses (self-replicating), worms (self-propagating), trojans, ransomware, and rootkits.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Ransomware encrypts an organization's critical files and demands payment in cryptocurrency for the decryption key, causing operational disruption.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Ransomware"><td class="td-term">Ransomware</td><td class="td-def">Malware that encrypts victim files and demands ransom for the decryption key. Often deployed via phishing or RDP exploitation.</td><td class="td-ex">A hospital's files are encrypted; attackers demand $1M in Bitcoin before providing the decryption key.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A category of malware that encrypts victim data and demands payment for the decryption key. Modern ransomware often includes double extortion: threatening to publish stolen data if the ransom is not paid.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A hospital's patient records are encrypted by ransomware; attackers demand significant payment in cryptocurrency before providing a decryption key, disrupting patient care.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Rootkit"><td class="td-term">Rootkit</td><td class="td-def">Malware that hides its presence by modifying the OS at a deep level. Extremely difficult to detect and remove.</td><td class="td-ex">A rootkit hides malicious processes from the OS task manager, allowing persistent unauthorized access to go undetected.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Malware designed to gain privileged access and conceal its presence by modifying OS components. Can intercept and alter OS calls to hide files, processes, and network connections. Firmware rootkits survive OS reinstalls.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A rootkit hides malicious processes from the OS task manager, allowing an attacker persistent unauthorized access that goes undetected by standard security tools.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Birthday Attack"><td class="td-term">Birthday Attack</td><td class="td-def">Cryptographic attack exploiting probability to find two different inputs producing the same hash. Used to forge digital signatures.</td><td class="td-ex">A birthday attack enables an attacker to discover two messages with the same hash, breaking digital signature security.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Based on the birthday paradox in probability. Exploits the fact that hash collisions occur more easily than intuition suggests. Used to forge digital signatures or create malicious documents with the same hash as legitimate ones.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The birthday attack enables an attacker to discover two distinct messages that yield the same hash value, breaking the security of digital signatures.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Man-in-the-Middle (MitM)"><td class="td-term">Man-in-the-Middle (MitM)</td><td class="td-def">Attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly.</td><td class="td-ex">On public Wi-Fi, an attacker intercepts traffic between a user and their bank, capturing login credentials.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">An attacker secretly positions themselves between two communicating parties, intercepting and potentially modifying messages. Common on unsecured networks. Mitigated by TLS/SSL, certificate pinning, and MFA.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">On a public Wi-Fi network, an attacker intercepts traffic between a user and their online bank, capturing session tokens and login credentials.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
</section>
<!-- DOMAIN 3 -->
<section class="domain-section" data-domain="d3">
<div class="domain-hdr" data-color="green">
<div class="domain-num">DOMAIN 03</div>
<div class="domain-title">Security Architecture</div>
<div class="domain-sub">18% of exam · sections 3.1 – 3.4</div>
</div>
<div class="subsection" data-sub="d3s1">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">3.1 — Architecture Models</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d3"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Cloud Computing"><td class="td-term">Cloud Computing</td><td class="td-def">Delivery of computing services over the internet. Models: IaaS, PaaS, SaaS. Deployments: public, private, hybrid, community.</td><td class="td-ex">A company migrates its email server to Microsoft 365 (SaaS), eliminating on-premises infrastructure management.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">On-demand delivery of IT resources over the internet. Service models: IaaS (infrastructure), PaaS (platform), SaaS (software). Deployment models: public (shared), private (dedicated), hybrid (both), community (sector-shared).</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company migrates its email server to Microsoft 365 (SaaS), eliminating on-premises infrastructure management and shifting security responsibility to the shared responsibility model.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Hybrid Cloud"><td class="td-term">Hybrid Cloud</td><td class="td-def">Combines on-premises infrastructure with public cloud resources, allowing data and applications to move between environments.</td><td class="td-ex">A bank keeps customer data on private servers while using public cloud for burst compute workloads during tax season.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">An architecture combining private (on-premises or hosted) and public cloud resources. Organizations keep sensitive workloads on-premises while leveraging public cloud scalability for less sensitive workloads.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A bank keeps regulated customer financial data on private on-premises servers while using public cloud for burst compute workloads, maintaining compliance while gaining scalability.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Serverless Architecture"><td class="td-term">Serverless Architecture</td><td class="td-def">Cloud model where the provider manages infrastructure; developers deploy code as functions. Shifts OS/runtime security responsibility to the provider.</td><td class="td-ex">A company deploys payment processing logic as AWS Lambda functions, eliminating server patch management.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Functions-as-a-Service model where code runs in stateless containers managed entirely by the cloud provider. Reduces infrastructure management but creates risks around function-level IAM permissions and injection vulnerabilities.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company deploys payment processing logic as AWS Lambda functions, eliminating server patch management but requiring careful IAM permission scoping for each function.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Microservices"><td class="td-term">Microservices</td><td class="td-def">Architecture where applications are built as small, independent services communicating via APIs. Each service has its own security boundary.</td><td class="td-ex">An e-commerce app splits into separate services for payments, inventory, and user auth, each requiring its own security controls.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">An architectural style where applications are composed of small, loosely coupled services. Each microservice has its own security boundary and can be independently deployed, scaled, and updated.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An e-commerce platform splits into separate microservices for payments, inventory, and authentication, each requiring its own security controls, API gateway protection, and network policies.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Containerization"><td class="td-term">Containerization</td><td class="td-def">Packages applications and their dependencies into isolated containers (Docker, Kubernetes). Containers share the host OS kernel, creating shared attack surface.</td><td class="td-ex">Developers use Docker containers to ensure consistent security configurations across development and production environments.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Technology packaging application code and dependencies into lightweight, portable containers. Containers share the host OS kernel (unlike VMs), so kernel vulnerabilities affect all containers. Kubernetes orchestrates containerized workloads.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Developers use Docker containers to ensure consistent security configurations across development and production environments, but must ensure images are scanned for vulnerabilities before deployment.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Infrastructure as Code (IaC)"><td class="td-term">Infrastructure as Code</td><td class="td-def">Managing and provisioning infrastructure through machine-readable configuration files rather than manual processes. Enables security as code.</td><td class="td-ex">A company uses Terraform to define security group rules as code, ensuring consistent configuration across all cloud deployments.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Treating infrastructure configuration as code managed in version control. Enables consistent, repeatable provisioning and eliminates configuration drift. Security policies can be embedded in IaC templates and enforced via policy-as-code.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company uses Terraform templates to define security group rules as code, ensuring every new cloud deployment automatically applies the same security configurations without manual intervention.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="SASE (Secure Access Service Edge)"><td class="td-term">SASE</td><td class="td-def">Converges WAN networking and network security functions (CASB, FWaaS, ZTNA, SWG) into a unified cloud-delivered service.</td><td class="td-ex">A distributed company uses SASE to provide consistent security policies for remote employees regardless of location.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Secure Access Service Edge converges SD-WAN capabilities with cloud-native security functions. Delivers security enforcement at the network edge close to users, enabling zero-trust access for distributed workforces.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company with remote employees worldwide uses SASE to provide consistent, identity-aware security policies regardless of where users connect or what applications they access.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="SD-WAN"><td class="td-term">SD-WAN</td><td class="td-def">Software-Defined Wide Area Network that uses software to control network connectivity, replacing or augmenting traditional MPLS connections.</td><td class="td-ex">A retail chain uses SD-WAN to securely connect hundreds of store locations with centralized security policy management.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Software-Defined WAN abstracts the underlying transport and centrally manages WAN connectivity. Enables dynamic path selection, application-aware routing, and centralized security policy enforcement across distributed locations.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A retail chain uses SD-WAN to securely connect hundreds of store locations, applying consistent security policies and enabling centralized visibility into all branch traffic from a single management console.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Shared Responsibility Model"><td class="td-term">Shared Responsibility Model</td><td class="td-def">Defines which security tasks are the cloud provider's responsibility versus the customer's, varying by service model (IaaS/PaaS/SaaS).</td><td class="td-ex">In AWS IaaS, AWS secures the physical data center; the customer is responsible for OS patches and application security.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">In IaaS, the provider secures physical infrastructure; customers manage everything above the hypervisor. In PaaS, the provider also manages the OS/runtime. In SaaS, the provider manages everything except data and user access.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An organization running on AWS EC2 (IaaS) must patch its own OS and applications; AWS is responsible only for the underlying physical infrastructure, networking, and hypervisor.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d3s2">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">3.2 — Secure Network Infrastructure</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d3"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Network Segmentation"><td class="td-term">Network Segmentation</td><td class="td-def">Dividing a network into isolated segments to contain breaches, reduce attack surface, and improve compliance.</td><td class="td-ex">A hospital separates its clinical systems, guest Wi-Fi, and administrative network into distinct VLANs with firewall enforcement.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Divides a network into isolated zones using firewalls, VLANs, or microsegmentation. Limits lateral movement: an attacker who compromises one segment cannot freely access others. Critical for PCI DSS compliance.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A hospital separates clinical systems, payment processing, guest Wi-Fi, and admin networks into distinct segments. A breach in the guest network cannot propagate to patient record systems.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="DMZ (Demilitarized Zone)"><td class="td-term">DMZ</td><td class="td-def">A perimeter network segment between the internet and internal network hosting public-facing servers. Provides an additional security layer.</td><td class="td-ex">Web servers are placed in the DMZ so internet users can access them without direct access to internal databases.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A network zone between untrusted (internet) and trusted (internal) networks, hosting public-facing services. Firewalls control traffic into and out of the DMZ, limiting exposure if a DMZ host is compromised.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Public web servers are placed in the DMZ. Internet users access the web servers, but strict firewall rules prevent the web servers from initiating connections directly to internal database servers.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Firewall"><td class="td-term">Firewall</td><td class="td-def">Network security device monitoring and controlling incoming/outgoing traffic based on predefined security rules. Types: packet-filtering, stateful, NGFW, WAF.</td><td class="td-ex">A next-generation firewall inspects application-layer traffic and blocks attempts to exploit web application vulnerabilities.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Controls network traffic between zones based on rules. Packet-filtering inspects headers; stateful tracks connection state; NGFW adds application awareness and IPS; WAF (Web Application Firewall) protects web apps from OWASP Top 10 attacks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A next-generation firewall inspects application-layer traffic, identifies SQL injection attempts in HTTP requests, and blocks them before they reach the web server, operating independently of signature updates.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="IDS / IPS"><td class="td-term">IDS / IPS</td><td class="td-def">Intrusion Detection System monitors and alerts; Intrusion Prevention System actively blocks detected threats. Both use signature and anomaly-based detection.</td><td class="td-ex">An IPS automatically blocks network traffic matching known attack signatures before it reaches internal servers.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">IDS (passive) inspects traffic and generates alerts without blocking. IPS (inline, active) can block or drop malicious traffic in real time. Both use signature-based detection (known attacks) and anomaly-based detection (behavioral deviations).</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An IPS deployed inline between the internet and internal servers automatically drops packets matching known exploit signatures, preventing attacks from reaching their targets in real time.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="VPN (Virtual Private Network)"><td class="td-term">VPN</td><td class="td-def">Creates an encrypted tunnel over an untrusted network. Types: site-to-site (connecting offices) and remote-access (connecting individuals).</td><td class="td-ex">Remote employees use VPN to securely access corporate resources over public internet connections.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Extends a private network over a public one by creating an encrypted tunnel. IPSec VPNs encrypt at the network layer; SSL/TLS VPNs operate at the transport layer. Split tunneling sends only organizational traffic through the VPN.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Remote employees connect to the corporate VPN before accessing internal systems, ensuring all data transmitted over the public internet is encrypted and that access is authenticated.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Proxy Server"><td class="td-term">Proxy Server</td><td class="td-def">An intermediary between clients and the internet. Forward proxies protect clients; reverse proxies protect servers. Can perform SSL inspection and content filtering.</td><td class="td-ex">A company's forward proxy filters web traffic, blocking malicious sites and enforcing acceptable use policies.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">An intermediary that processes requests on behalf of clients (forward proxy) or servers (reverse proxy). Forward proxies filter outbound traffic and cache content; reverse proxies load balance and protect web servers from direct exposure.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A forward proxy at the network perimeter intercepts all outbound web traffic, performs SSL inspection to detect malware in encrypted streams, and blocks access to known malicious domains.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Load Balancer"><td class="td-term">Load Balancer</td><td class="td-def">Distributes incoming network traffic across multiple servers to ensure high availability and prevent any single server from becoming a bottleneck.</td><td class="td-ex">A load balancer distributes web traffic across five servers, ensuring service continuity if one server fails.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Distributes traffic across a pool of servers using algorithms (round-robin, least connections, IP hash). Provides both availability and performance benefits. Can perform health checks to remove failed servers from rotation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A load balancer distributes web traffic across five application servers, automatically routing requests away from any server that fails a health check, ensuring continuous availability.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="NAC (Network Access Control)"><td class="td-term">NAC</td><td class="td-def">Enforces security policy compliance before granting network access. Checks device health, OS patch level, antivirus status, and user identity.</td><td class="td-ex">NAC prevents a laptop with outdated antivirus from connecting to the corporate network until remediated.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Evaluates devices against security policy before granting network access. Non-compliant devices can be quarantined, given limited access, or blocked. Uses 802.1X authentication for wired/wireless enforcement.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">NAC checks every connecting device for current OS patches, active antivirus, and valid certificates. A laptop missing critical updates is quarantined in a remediation VLAN until patched.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="VLAN (Virtual LAN)"><td class="td-term">VLAN</td><td class="td-def">Logical segmentation of a physical network at Layer 2. Groups devices regardless of physical location; isolates broadcast domains.</td><td class="td-ex">A company places all IoT devices on a separate VLAN, preventing compromised devices from reaching corporate servers.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Virtual LANs create logical network segments on a physical switch infrastructure. Traffic between VLANs requires a Layer 3 device (router/firewall), enabling granular access control and containing broadcast traffic.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company creates a dedicated VLAN for IoT devices. Even if an IoT sensor is compromised, it cannot directly communicate with servers on the corporate VLAN without traversing the firewall.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d3s3">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">3.3 — Data Protection Strategies</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d3"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Data Classification"><td class="td-term">Data Classification</td><td class="td-def">Categorizes data by sensitivity level to apply appropriate security controls. Common levels: public, internal, confidential, restricted.</td><td class="td-ex">A company labels documents as Public, Internal, Confidential, or Top Secret, applying stricter controls to higher classifications.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Organizes data into categories based on sensitivity and required protection level. Enables application of appropriate security controls: public data has minimal controls while restricted/top secret data receives maximum protection including encryption and strict access controls.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A financial firm classifies data as Public, Internal, Confidential, and Restricted. Restricted data (customer SSNs, account numbers) requires encryption at rest and strict access logging, and cannot be stored on portable devices.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="DLP (Data Loss Prevention)"><td class="td-term">DLP</td><td class="td-def">Technology monitoring, detecting, and blocking unauthorized transmission of sensitive data via email, web, or removable media.</td><td class="td-ex">DLP software alerts security when an employee tries to email a file containing credit card numbers to an external address.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Systems that monitor data in use (endpoints), in motion (network), and at rest (storage) to detect and prevent unauthorized disclosure. Use content inspection, contextual analysis, and pattern matching (regex for SSNs, credit cards).</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">DLP software scans all outbound emails and blocks any message containing patterns matching credit card numbers, alerting the security team and preventing unintentional data exposure.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data at Rest"><td class="td-term">Data at Rest</td><td class="td-def">Inactive data stored on physical media: hard drives, databases, backups, or cloud storage. Protected by encryption and access controls.</td><td class="td-ex">Customer records stored in a database are encrypted at rest using AES-256, protecting them from storage media theft.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Data stored on any persistent medium — local storage, databases, backup tapes, cloud object storage. Encryption at rest (TDE, BitLocker, cloud-native encryption) protects against unauthorized access to the physical or logical storage layer.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Customer PII in a database is encrypted at rest using Transparent Data Encryption (TDE). If backup tapes are stolen, the data remains unreadable without the encryption key.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data in Transit"><td class="td-term">Data in Transit</td><td class="td-def">Data moving between systems over a network. Protected by transport encryption protocols like TLS to prevent interception.</td><td class="td-ex">HTTPS encrypts web traffic between users and servers, protecting credentials and personal data from eavesdropping.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Data actively moving through a network between endpoints. TLS is the standard protection. Also covers data transferred via API, email (S/MIME, TLS), and VPN tunnels. Vulnerable to eavesdropping and MitM attacks if unencrypted.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An e-commerce site enforces HTTPS for all pages, ensuring customer payment details and session tokens are encrypted in transit, preventing interception on public networks.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data in Use"><td class="td-term">Data in Use</td><td class="td-def">Data actively being processed in memory. Hardest to protect; threats include memory scraping attacks and cold boot attacks.</td><td class="td-ex">Secure enclaves (Intel SGX) process sensitive computations in isolated memory that the OS cannot access.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Data currently being processed in RAM or CPU registers. Must be decrypted to be used, creating exposure. Secure enclaves and trusted execution environments provide hardware-isolated processing of sensitive data.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A payment terminal uses secure enclaves to process card decryption in isolated memory inaccessible to the main OS, protecting against memory-scraping malware that plagued older POS systems.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Rights Management (IRM/DRM)"><td class="td-term">Rights Management</td><td class="td-def">Controls how data can be used, copied, printed, or forwarded even after it has been shared. Persists with the document regardless of location.</td><td class="td-ex">IRM prevents a confidential document recipient from forwarding, printing, or copy-pasting its contents.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Information Rights Management (IRM) and Digital Rights Management (DRM) embed usage policies within documents and media files. Policies persist with the content, enforcing restrictions even after distribution outside the organization.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A law firm applies IRM policies to client contracts, preventing recipients from forwarding, printing, or screen-capturing the documents, even if they are forwarded outside the firm's email system.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d3s4">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">3.4 — Resilience &amp; Recovery</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d3"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="High Availability (HA)"><td class="td-term">High Availability</td><td class="td-def">System design ensuring continuous operation with minimal downtime using redundancy, failover, and clustering. Often expressed as uptime percentages (99.999% = 5 nines).</td><td class="td-ex">A critical application runs on an HA cluster; if one node fails, another automatically takes over within seconds.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Architecture eliminating single points of failure through redundant components, automatic failover, and load distribution. "Five nines" (99.999%) availability allows only ~5 minutes of downtime per year. Achieved through clustering, replication, and geographic distribution.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A hospital's patient management system runs on an active-active HA cluster across two data centers. A complete failure of one data center triggers automatic failover with no user-visible downtime.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Redundancy"><td class="td-term">Redundancy</td><td class="td-def">Duplicating critical system components so that backup components can take over when the primary fails.</td><td class="td-ex">Dual power supplies in a server ensure it continues operating if one power supply fails.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The duplication of critical components or functions to increase reliability and availability. Includes hardware redundancy (dual NICs, RAID), network redundancy (multiple ISPs), geographic redundancy (multiple data centers), and personnel redundancy (cross-training).</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A data center implements redundant power (dual UPS systems, generator), networking (dual ISPs with BGP failover), and storage (RAID 6) to ensure no single failure causes service interruption.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="RAID"><td class="td-term">RAID</td><td class="td-def">Redundant Array of Independent Disks. Combines multiple drives for performance, redundancy, or both. Key levels: RAID 0 (striping), RAID 1 (mirroring), RAID 5 (striping+parity), RAID 6, RAID 10.</td><td class="td-ex">RAID 5 allows a database server to continue operating and recover data after a single hard drive fails.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">RAID 0: Striping (performance, no redundancy). RAID 1: Mirroring (full redundancy). RAID 5: Striping with distributed parity (tolerates 1 drive failure). RAID 6: Tolerates 2 drive failures. RAID 10: Mirroring + striping (highest performance + redundancy).</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A file server uses RAID 6, which can survive simultaneous failure of two drives. This provides sufficient time to replace the failed drives before data integrity is at risk.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Backup Types"><td class="td-term">Backup Types</td><td class="td-def">Full (all data), Incremental (changes since last backup), Differential (changes since last full backup). 3-2-1 rule: 3 copies, 2 media types, 1 off-site.</td><td class="td-ex">A company runs full backups weekly and incremental backups nightly, reducing backup windows while ensuring recoverability.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Full: backs up all data (slowest to create, fastest to restore). Incremental: backs up changes since the last backup (fastest to create, slowest to restore). Differential: changes since last full (middle ground). The 3-2-1 rule is the backup gold standard; at least one copy should be offline or immutable so that ransomware cannot encrypt the backups along with the production data.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Following the 3-2-1 rule, an organization keeps 3 copies of critical data: the production system, a local NAS backup, and an off-site encrypted cloud backup — ensuring recovery from ransomware or physical disaster.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Disaster Recovery (DR)"><td class="td-term">Disaster Recovery</td><td class="td-def">Documented plans and procedures for restoring IT systems after a disaster. Key metrics: RTO (recovery time) and RPO (data loss tolerance).</td><td class="td-ex">A company's DR plan activates a warm standby site when the primary data center is destroyed, restoring operations within 4 hours.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Plans, procedures, and resources enabling restoration of IT operations after a disaster. Site types: hot (fully operational, immediate failover), warm (partially configured, hours to recover), cold (empty facility, days to recover). Must be regularly tested.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A financial firm maintains a hot standby DR site with real-time data replication. In a disaster, operations fail over automatically within minutes, meeting their 15-minute RTO requirement.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="RTO (Recovery Time Objective)"><td class="td-term">RTO</td><td class="td-def">The maximum acceptable time to restore operations after a disruption. Defines how long a system can be offline before the impact is unacceptable.</td><td class="td-ex">The e-commerce platform has an RTO of 2 hours, meaning it must be restored within that timeframe to avoid major revenue loss.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">RTO defines the maximum tolerable downtime for a system. Drives disaster recovery infrastructure investment: a 15-minute RTO requires a hot standby; a 48-hour RTO may only need a cold site. Must be established through Business Impact Analysis.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A hospital's patient monitoring system has an RTO of 30 minutes. This drives the requirement for an active-active HA cluster that automatically fails over without manual intervention.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="RPO (Recovery Point Objective)"><td class="td-term">RPO</td><td class="td-def">The maximum acceptable amount of data loss measured in time. Defines how frequently backups must occur to meet business requirements.</td><td class="td-ex">An RPO of 15 minutes means the company can lose at most 15 minutes of transactions in a disaster scenario.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">RPO defines the maximum data loss an organization can tolerate, expressed as time since the last backup. A 1-hour RPO requires hourly backups (or continuous replication). Closely related to RTO in determining DR investment.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A payment processor sets an RPO of 5 seconds, requiring synchronous real-time replication to a secondary site. Almost no transaction data can be lost, justifying the significant infrastructure investment.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Geographic Dispersal"><td class="td-term">Geographic Dispersal</td><td class="td-def">Distributing systems across physically separate locations to protect against regional disasters, power outages, and natural events.</td><td class="td-ex">A cloud provider runs three geographically separated availability zones so a regional hurricane cannot cause total outage.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Placing redundant systems in geographically separate locations protects against site-level disasters. Cloud availability zones and regions implement geographic dispersal. Must consider data sovereignty laws when dispersing across international borders.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A streaming service replicates its content delivery infrastructure across data centers in three different cities. A regional power outage or natural disaster affects only one site while others continue serving users normally.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
</section>
<!-- DOMAIN 4 -->
<section class="domain-section" data-domain="d4">
<div class="domain-hdr" data-color="purple">
<div class="domain-num">DOMAIN 04</div>
<div class="domain-title">Security Operations</div>
<div class="domain-sub">28% of exam · sections 4.1 – 4.3</div>
</div>
<div class="subsection" data-sub="d4s1">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">4.1 — Automation & Scripting</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d4"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Integrations and APIs"><td class="td-term">Integrations and APIs</td><td class="td-def">Utilizing APIs to automate interactions between different software applications, enabling seamless data exchange and task execution.</td><td class="td-ex">An automation script updates user information across multiple applications using API calls whenever there is a change to ensure consistency.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Application Programming Interfaces (APIs) allow different software systems to communicate and share data automatically. Security automation leverages APIs to connect SIEM, ticketing systems, threat intelligence platforms, and endpoint tools into unified workflows. The API keys and tokens that automation uses are privileged credentials: scope them to least privilege, keep them in a secrets manager rather than in the scripts themselves, and rotate them.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An automation script updates user information across multiple applications using API calls whenever there is a change to ensure consistency across systems.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Reaction Time"><td class="td-term">Reaction Time</td><td class="td-def">The speed at which organizations can respond to incidents or changes, significantly enhanced through automation and SOAR platforms.</td><td class="td-ex">Automated alerts notify the security team of potential threats in real time, enabling quicker responses to mitigate risks.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The elapsed time between detection of a security event and execution of a response action. Automation dramatically reduces reaction time from hours (manual) to seconds (automated playbook execution), limiting attacker dwell time.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Automated alerts notify the security team of potential threats in real time, enabling quicker responses to mitigate risks before significant damage occurs.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Resource Provisioning"><td class="td-term">Resource Provisioning</td><td class="td-def">The automated assignment of computing resources — storage, memory, processing power — based on predefined criteria.</td><td class="td-ex">A cloud service automatically allocates additional storage space for a department when their usage reaches a certain threshold.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Automated allocation and configuration of computing resources. In security contexts, ensures newly provisioned resources automatically receive baseline security configurations, preventing configuration drift and human error.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A cloud service automatically allocates additional storage space for a department when their usage reaches a certain threshold, ensuring no disruption in their operations.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Scaling in a Secure Manner"><td class="td-term">Scaling Securely</td><td class="td-def">The ability to grow infrastructure while automatically applying security measures to newly provisioned resources to maintain compliance.</td><td class="td-ex">As user demand increases, additional cloud resources are automatically provisioned with security policies pre-applied.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Ensuring that security controls scale automatically alongside infrastructure growth. Security groups, IAM policies, and network rules must be applied at provisioning time to prevent newly added resources from creating security gaps.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">As user demand increases, additional resources are automatically provisioned in the cloud, and security policies are applied to these resources to maintain compliance.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Security Groups"><td class="td-term">Security Groups</td><td class="td-def">Collections of users or devices sharing the same security policies, making it easier to manage permissions and access control at scale.</td><td class="td-ex">A security group for the finance team allows members to access financial applications while restricting access for other departments.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Logical groupings used to apply consistent security policies to multiple resources or users simultaneously. In cloud environments, security groups act as virtual firewalls controlling inbound and outbound traffic to instances.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A security group for the finance team allows members to access financial applications while restricting access to sensitive financial data for other departments.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Single Point of Failure"><td class="td-term">Single Point of Failure</td><td class="td-def">A potential risk where a single failure in an automated process could lead to complete system failure or loss of functionality.</td><td class="td-ex">If the automation tool that provisions user accounts fails, no new employees can be onboarded until the issue is resolved.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Any component whose failure would cause the entire system or process to fail. Automation creates new single points of failure that must be identified and mitigated through redundancy, failover mechanisms, and manual fallback procedures.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">If the automation tool that provisions user accounts fails, no new employees can be onboarded until the issue is resolved, potentially disrupting operations.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Standard Infrastructure Configurations"><td class="td-term">Standard Infrastructure Configs</td><td class="td-def">Maintaining uniformity in system setups to ensure security and operational effectiveness, facilitated by automated configuration management.</td><td class="td-ex">New servers are automatically configured with security settings defined in templates to ensure consistency.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Pre-approved, security-hardened configuration templates applied consistently across all systems of the same type. Eliminates configuration drift and human error. Tools like Ansible, Chef, and Puppet enforce standard configurations at scale.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">New servers are automatically configured with security settings defined in templates to ensure consistency and reduce the risk of human error during setup.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Technical Debt"><td class="td-term">Technical Debt</td><td class="td-def">The future costs of shortcuts or compromises in automation that may require rework or additional effort later.</td><td class="td-ex">An organization that opts for quick automation solutions might face the need to revise those solutions later, incurring more costs.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The accumulated cost of shortcuts taken during development or implementation. In security automation, technical debt manifests as brittle scripts, hardcoded credentials, undocumented exceptions, and lack of error handling that must eventually be remediated.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An organization that opts for quick automation solutions might face the need to revise those solutions later, incurring more costs and effort than if they had implemented robust processes initially.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Ticket Creation (Automated)"><td class="td-term">Ticket Creation</td><td class="td-def">The automated process of generating support tickets for incidents or requests, ensuring efficient tracking and management of issues.</td><td class="td-ex">An automated system creates a support ticket whenever a user reports an issue via email, ensuring IT can promptly track the problem.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Automation that generates ITSM tickets (ServiceNow, Jira) directly from monitoring alerts or user reports. Ensures every detected event is tracked, assigned, and followed through to resolution without manual intervention.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An automated system creates a support ticket whenever a user reports an issue via email, ensuring that IT can promptly track and respond to the problem.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="User Provisioning"><td class="td-term">User Provisioning</td><td class="td-def">Automated creation, management, and deactivation of user accounts and permissions to ensure timely and appropriate access to resources.</td><td class="td-ex">When a new employee is onboarded, their user account is automatically created and they receive access to essential applications.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Automates the identity lifecycle: account creation, role assignment, access provisioning, and account deactivation. Integrates with HR systems to trigger automatically on hire, transfer, and termination events. Critical for preventing orphaned accounts.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">When a new employee is onboarded, their user account is automatically created, and they receive access to essential applications like email and project management tools.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Workforce Multiplier"><td class="td-term">Workforce Multiplier</td><td class="td-def">The concept of increasing workforce effectiveness through automation, allowing fewer staff to achieve greater operational results.</td><td class="td-ex">A small IT team can manage a complex infrastructure effectively due to automation tools, maximizing productivity without additional hires.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Automation acts as a force multiplier, enabling small security teams to operate at the scale and speed needed to defend modern environments. SOAR platforms are the primary workforce multiplier in security operations.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A small IT team can manage a complex infrastructure effectively due to automation tools, maximizing productivity without needing additional hires.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d4s2">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">4.2 — Incident Response Activities</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d4"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Preparation (IR)"><td class="td-term">Preparation</td><td class="td-def">The initial incident response phase focusing on planning, training, and establishing resources and protocols to handle potential incidents.</td><td class="td-ex">Conducting training sessions for the incident response team to familiarize them with their roles before an incident occurs.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The first phase of the incident response lifecycle (PICERL). Includes developing IR plans, building the team, acquiring tools, running tabletop exercises, and establishing communication procedures. The quality of preparation determines response effectiveness.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Conducting training sessions for the incident response team to familiarize them with their roles and responsibilities before an incident occurs.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Detection (IR)"><td class="td-term">Detection</td><td class="td-def">Identifying and recognizing potential security incidents through monitoring and analysis of systems, networks, and data.</td><td class="td-ex">A SIEM system alerts the security team to unusual network activity indicating a possible breach.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The process of identifying potential security incidents through automated monitoring (SIEM, EDR, NDR) and human analysis. Incidents can be detected via alerts, anomalies, user reports, or threat intelligence. Speed of detection limits attacker dwell time.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Implementing a security information and event management (SIEM) system that alerts the security team to unusual network activity indicating a possible breach.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Containment (IR)"><td class="td-term">Containment</td><td class="td-def">Actions taken to limit the impact of a security incident and prevent further damage or data loss.</td><td class="td-ex">During a malware outbreak, the IT team isolates affected systems from the network to stop the spread of infection.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Short-term containment (immediate isolation of affected systems) and long-term containment (hardening remaining systems, deploying temporary fixes) limit the blast radius. Must balance stopping the attack with preserving forensic evidence.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">During a malware outbreak, the IT team isolates affected systems from the network to stop the spread of the infection.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Eradication (IR)"><td class="td-term">Eradication</td><td class="td-def">Removing the cause of a security incident from the environment — malware, attacker persistence mechanisms, and exploited vulnerabilities.</td><td class="td-ex">After confirming a breach, the security team identifies and removes the malicious software used by the attackers.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Complete removal of all attacker footholds: malware, backdoors, compromised credentials, and exploited vulnerabilities. Must be thorough — missed persistence mechanisms allow attackers to regain access after recovery.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">After confirming a breach, the security team identifies and removes the malicious software used by the attackers to regain control of the systems.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Recovery (IR)"><td class="td-term">Recovery</td><td class="td-def">Restoring affected systems and data to normal operations following an incident, ensuring systems are clean and secure before returning to service.</td><td class="td-ex">After eradicating a threat, the organization restores data from backups and conducts testing before going live.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Restoring systems to normal operation from known-good backups or rebuilt images. Backups used for restoration must predate the initial compromise, otherwise the attacker's foothold is restored along with the data. Includes verification that systems are clean, monitoring for signs of re-infection, and gradual reconnection to production networks.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">After eradicating a threat, the organization restores data from backups and conducts thorough testing to confirm systems are functioning correctly before going live.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Lessons Learned"><td class="td-term">Lessons Learned</td><td class="td-def">Post-incident review identifying what worked well and what can be improved in the incident response process for future events.</td><td class="td-ex">After a security incident, the team holds a meeting to discuss the response's effectiveness and updates their incident response plan.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A structured post-incident review (typically within 2 weeks) examining the timeline, response effectiveness, gaps, and improvements. Output feeds back into the Preparation phase, continuously improving the IR capability.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">After a security incident, the team holds a meeting to discuss the response's effectiveness and updates their incident response plan based on the findings.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Digital Forensics"><td class="td-term">Digital Forensics</td><td class="td-def">Application of forensic techniques to collect, preserve, and analyze electronic data to support security incident investigations.</td><td class="td-ex">A digital forensics team retrieves and analyzes logs from compromised servers to understand the scope of a data breach.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Scientifically sound collection and analysis of digital evidence. Must follow established procedures to maintain admissibility. Encompasses disk forensics (deleted files, artifacts), memory forensics, network forensics, and log analysis.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A digital forensics team retrieves and analyzes logs from compromised servers to understand the scope of a data breach and collect evidence for potential legal proceedings.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Chain of Custody"><td class="td-term">Chain of Custody</td><td class="td-def">The documented process of maintaining and handling evidence to ensure its integrity and admissibility in legal proceedings.</td><td class="td-ex">Documenting each time evidence is accessed or transferred ensures chain of custody remains intact for legal purposes.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A documented, unbroken record of who collected evidence, when it was collected, where it has been, and who has accessed it. Essential for evidence admissibility in court. Any gap or break in chain of custody can invalidate evidence.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Properly documenting each time evidence is accessed or transferred during an investigation ensures the chain of custody remains intact for legal purposes.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Acquisition (Forensic)"><td class="td-term">Acquisition</td><td class="td-def">Collecting and securing data and evidence from systems while maintaining integrity and chain of custody. Bit-for-bit copies preserve original data.</td><td class="td-ex">Investigators create bit-by-bit copies of hard drives to preserve original data for analysis while ensuring evidence integrity.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Creating forensically sound copies of evidence (disk images, memory dumps, network captures) without altering the original. Follow the order of volatility: capture volatile data (memory contents, running processes, network connections) first, since it is lost once the system is powered off. Write blockers prevent accidental modification. Hash verification (SHA-256) confirms the copy is identical to the original.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">During a forensic investigation, investigators create bit-by-bit copies of hard drives to preserve original data for analysis while ensuring evidence integrity.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Legal Hold"><td class="td-term">Legal Hold</td><td class="td-def">Preserving relevant information and data for legal purposes, preventing alteration or deletion during an investigation or litigation.</td><td class="td-ex">An organization places a legal hold on all data related to a security breach to ensure evidence is preserved for potential legal action.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A directive suspending normal data destruction policies for data potentially relevant to litigation or regulatory investigation. Organizations must implement legal holds immediately upon awareness of potential legal proceedings to avoid spoliation claims.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An organization places a legal hold on all data related to a security breach to ensure that evidence is preserved for any potential legal actions.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Root Cause Analysis"><td class="td-term">Root Cause Analysis</td><td class="td-def">Systematic process identifying the underlying causes of incidents to prevent future recurrence by addressing vulnerabilities.</td><td class="td-ex">After a data breach, the security team determines how attackers gained access and what security measures failed.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A structured investigation technique (fishbone, 5-Whys) that identifies the fundamental causes of an incident, not just the symptoms. Distinguishes between proximate causes (what happened) and root causes (why it happened) to drive meaningful remediation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">After a data breach, the security team conducts a root cause analysis to determine how the attackers gained access and what security measures failed.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Tabletop Exercise"><td class="td-term">Tabletop Exercise</td><td class="td-def">A discussion-based exercise where team members review and discuss responses to simulated incident scenarios to identify process strengths and weaknesses.</td><td class="td-ex">Organizing a tabletop exercise involving senior management to discuss their roles during a data breach and evaluate communication plans.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A facilitated discussion-based exercise where participants walk through an incident scenario verbally. Less resource-intensive than full simulations; ideal for testing decision-making processes, communication flows, and policy gaps across teams.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Organizing a tabletop exercise involving senior management to discuss their roles during a data breach and evaluate the organization's communication plan.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Threat Hunting"><td class="td-term">Threat Hunting</td><td class="td-def">Proactive search for indicators of compromise within an organization's network to identify threats before they cause damage.</td><td class="td-ex">Security analysts review network traffic patterns to detect suspicious activity that automated systems might miss.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Hypothesis-driven, proactive security analysis searching for evidence of adversary activity that has evaded automated detection. Hunters formulate hypotheses based on threat intelligence, then test them by querying logs, EDR telemetry, and network data.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Security analysts perform threat hunting by reviewing network traffic patterns to detect any suspicious activity that automated systems might miss.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Simulation (IR Exercise)"><td class="td-term">Simulation</td><td class="td-def">A practical exercise that mimics real-world incidents, allowing teams to practice responses in a controlled environment and evaluate effectiveness.</td><td class="td-ex">Running a simulated ransomware attack where teams must respond to a series of challenges to practice incident response skills.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A hands-on exercise recreating real incident conditions. Can range from red team/blue team exercises to full-scale disaster recovery tests. More resource-intensive than tabletop exercises but provides more realistic preparation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Running a simulated ransomware attack where teams must respond to a series of challenges to practice their incident response skills.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d4s3">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">4.3 — Data Sources for Investigation</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d4"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Application Logs"><td class="td-term">Application Logs</td><td class="td-def">Records created by applications documenting events, transactions, and errors that occur during operation. Useful for troubleshooting and performance monitoring.</td><td class="td-ex">An application log shows a series of error messages when a user attempts to access a feature that is currently down for maintenance.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Application-generated logs record user actions, transactions, errors, and security events within a specific application. Critical for investigating application-layer attacks like SQL injection, authentication bypass, and privilege escalation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An application log might show a series of error messages when a user attempts to access a feature that is currently down for maintenance.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Endpoint Logs"><td class="td-term">Endpoint Logs</td><td class="td-def">Logs from endpoint devices tracking user activity, system events, software installations, and security incidents. Crucial for endpoint security analysis.</td><td class="td-ex">An endpoint log includes details about software installations, user logins, and any detected malware activities on the device.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Telemetry from desktops, laptops, and mobile devices including process execution, file system changes, registry modifications, network connections, and user activity. EDR platforms aggregate and analyze endpoint logs for threat detection.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An endpoint log might include details about software installations, user logins, and any detected malware activities on the device.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Firewall Logs"><td class="td-term">Firewall Logs</td><td class="td-def">Logs generated by firewalls tracking allowed and denied network traffic based on predefined rules. Help identify access attempts and policy violations.</td><td class="td-ex">A firewall log entry indicates an attempt to access a restricted port, prompting the security team to investigate further.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Records every connection attempt evaluated by the firewall: source/destination IP, port, protocol, action (allow/deny), and timestamp. Essential for detecting port scans, lateral movement, data exfiltration attempts, and policy violations.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A firewall log entry can indicate an attempt to access a restricted port, allowing the security team to investigate further.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="IPS/IDS Logs"><td class="td-term">IPS/IDS Logs</td><td class="td-def">Logs from Intrusion Prevention/Detection Systems tracking suspicious activities and potential security incidents based on signatures and anomaly detection.</td><td class="td-ex">An IDS log captures an alert for a detected port scan, prompting security analysts to investigate the source of the scanning activity.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Alert logs generated when traffic matches attack signatures or behavioral baselines. Include alert type, severity, source/destination, and signature match details. High-volume sources requiring tuning to reduce false positives.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An IDS log might capture an alert for a detected port scan, prompting security analysts to investigate the source of the scanning activity.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Network Logs"><td class="td-term">Network Logs</td><td class="td-def">Logs from networking devices (routers, switches) providing insights into traffic patterns, connection attempts, and network performance.</td><td class="td-ex">A network log shows the volume of data transmitted to and from specific IP addresses, helping identify unusual traffic spikes.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Network device telemetry including flow data (NetFlow, sFlow), routing table changes, interface statistics, and DHCP/DNS logs. Used to reconstruct attack timelines, identify compromised hosts, and detect data exfiltration.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A network log can show the volume of data transmitted to and from specific IP addresses, helping network administrators identify unusual traffic spikes.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="OS-Specific Security Logs"><td class="td-term">OS Security Logs</td><td class="td-def">Security logs generated by the operating system recording authentication attempts, system events, and configuration changes. Help identify breaches and unauthorized access.</td><td class="td-ex">Windows Security Event logs record user logins, failed access attempts, and changes made to system security settings.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Windows Security Event Log, Linux syslog/auditd, and macOS Unified Log record authentication events, privilege use, object access, and policy changes. Critical for detecting pass-the-hash, privilege escalation, and account compromise.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Windows Security Event logs record user logins, failed access attempts, and changes made to system security settings, assisting in monitoring user activity.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Metadata"><td class="td-term">Metadata</td><td class="td-def">Data providing information about other data — creation dates, file sizes, access permissions, author, GPS coordinates embedded in files.</td><td class="td-ex">Metadata associated with log files includes timestamps, authors, and file formats, which help organize and retrieve logs during analysis.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Descriptive information about files, emails, and documents. Can reveal author information, location data, edit history, and timestamps. Investigators analyze metadata to establish timelines and attribute actions to specific users or systems.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Metadata associated with log files can include timestamps, authors, and file formats, which help organize and retrieve logs during analysis.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Dashboards (Security)"><td class="td-term">Dashboards</td><td class="td-def">Visual interfaces aggregating and displaying key security metrics from various sources for real-time monitoring and analysis.</td><td class="td-ex">A SOC dashboard displays real-time alerts, incident statistics, and system health metrics, allowing analysts to prioritize responses.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Centralized visual displays aggregating data from SIEM, EDR, network monitoring, and threat intelligence platforms. Enable SOC analysts to quickly identify high-priority events and trends without manually reviewing individual log sources.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A security operations center (SOC) dashboard displays real-time alerts, incident statistics, and system health metrics, allowing analysts to prioritize their response efforts.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Automated Reports"><td class="td-term">Automated Reports</td><td class="td-def">Predefined reports generated by security tools summarizing findings, trends, and metrics related to security events and compliance.</td><td class="td-ex">A weekly automated report from a SIEM includes statistics on detected incidents, response times, and trends over the past week.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Scheduled security reports generated automatically by SIEM, vulnerability scanners, and compliance tools. Provide management visibility into security posture, trend analysis, and compliance status without manual effort.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A weekly automated report from a SIEM system might include statistics on detected incidents, response times, and trends in security events over the past week.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
</section>
<!-- DOMAIN 5 -->
<section class="domain-section" data-domain="d5">
<div class="domain-hdr" data-color="orange">
<div class="domain-num">DOMAIN 05</div>
<div class="domain-title">Security Program Management & Oversight</div>
<div class="domain-sub">20% of exam · sections 5.1 – 5.6</div>
</div>
<div class="subsection" data-sub="d5s1">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">5.1 — Effective Security Governance</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d5"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Acceptable Use Policy (AUP)"><td class="td-term">Acceptable Use Policy</td><td class="td-def">A document outlining acceptable activities and restrictions for using an organization's systems and resources.</td><td class="td-ex">Employees must adhere to the AUP, which prohibits using company devices for unauthorized activities like personal file downloads.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A policy defining permitted and prohibited uses of organizational IT resources. All employees typically acknowledge the AUP as part of onboarding. Violations can result in disciplinary action up to and including termination.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Employees must adhere to the AUP, which prohibits using company devices for unauthorized activities like personal file downloads.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data Owners"><td class="td-term">Data Owners</td><td class="td-def">Individuals or entities responsible for data who make decisions about access, usage, and classification.</td><td class="td-ex">The department head acts as the data owner, defining who can access specific datasets within the company's CRM system.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Senior individuals responsible for a data set. Define classification, access permissions, and retention requirements. Accountable for ensuring their data is appropriately protected but typically rely on data custodians for technical implementation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The department head acts as the data owner, defining who can access specific datasets within the company's CRM system.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data Custodians"><td class="td-term">Data Custodians</td><td class="td-def">Individuals who maintain the integrity, security, and availability of data within an organization as directed by data owners.</td><td class="td-ex">IT administrators function as data custodians, ensuring that data is securely stored and regularly backed up.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Technical administrators responsible for implementing and maintaining security controls protecting data as directed by data owners. Perform backups, encryption, access provisioning, and monitoring. Do not set policy — they implement it.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">IT administrators function as data custodians, ensuring that data is securely stored and regularly backed up.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data Controllers"><td class="td-term">Data Controllers</td><td class="td-def">Entities that determine how personal data is processed and for what purpose. Accountable under GDPR and similar privacy laws.</td><td class="td-ex">As the data controller, the company decides how customer information is collected, processed, and used for marketing.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Under GDPR, the data controller determines the purposes and means of processing personal data. Controllers bear primary accountability and must ensure processors provide sufficient guarantees of compliance.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">As the data controller, the company decides how customer information is collected, processed, and used for marketing.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data Processors"><td class="td-term">Data Processors</td><td class="td-def">Entities that process data on behalf of the data controller under their instructions.</td><td class="td-ex">A cloud service provider acts as a data processor, storing and managing customer data according to the controller's instructions.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Process personal data strictly on behalf of and under instructions from the data controller. Must maintain records of processing activities and notify controllers of breaches. Enter into Data Processing Agreements (DPAs) with controllers.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A cloud service provider acts as a data processor, storing and managing customer data according to the controller's instructions.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Governance Structures"><td class="td-term">Governance Structures</td><td class="td-def">The framework of authority and decision-making within an organization, which can be centralized or decentralized.</td><td class="td-ex">The company's governance structure includes a central board that makes key strategic decisions and committees that oversee specific operations.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The organizational framework defining how security decisions are made, who has authority, and how accountability is assigned. Includes boards, committees, working groups, and executive roles like CISO, CIO, and DPO.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company's governance structure includes a central board that makes key strategic decisions and committees that oversee specific security operations.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Playbooks"><td class="td-term">Playbooks</td><td class="td-def">Step-by-step guides detailing responses to specific incidents such as phishing, ransomware, or data breaches. Reduce decision fatigue during incidents.</td><td class="td-ex">The incident response team follows a playbook to manage phishing attacks, isolating compromised accounts and conducting forensic analysis.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Documented, pre-approved response procedures for known incident types. Reduce response time and ensure consistent, compliant actions under pressure. SOAR platforms automate playbook execution. Must be regularly updated based on lessons learned.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The incident response team follows a playbook to manage and resolve phishing attacks, isolating compromised accounts and conducting forensic analysis.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Onboarding/Offboarding Procedures"><td class="td-term">Onboarding/Offboarding</td><td class="td-def">Processes for integrating new employees (provisioning access) and securely removing access when they leave the organization.</td><td class="td-ex">HR ensures new hires have proper access through onboarding, while IT handles offboarding by revoking all access when an employee exits.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Onboarding provisions access aligned to role and AUP acknowledgment. Offboarding must be immediate and comprehensive: disable accounts, revoke certificates, recover devices, transfer data. Delayed offboarding is a common source of insider threat risk.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">HR ensures new hires have proper access through onboarding, while IT handles offboarding by revoking access when an employee exits.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Password Standards"><td class="td-term">Password Standards</td><td class="td-def">Guidelines defining the complexity, length, and management requirements for passwords. Modern standards (NIST SP 800-63B) emphasize length over complexity.</td><td class="td-ex">The organization enforces password standards requiring a minimum of 12 characters with a mix of character types.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Policies governing password creation and management. NIST 800-63B recommends: minimum 8 characters, check against breach databases, no periodic forced resets unless compromised, and support for password managers. Complexity rules are now considered less effective than length.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The organization enforces password standards requiring a minimum of 12 characters, with a mix of letters, numbers, and special symbols.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
<div class="subsection" data-sub="d5s2">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">5.2 — Risk Management Process</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d5"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Risk Assessment"><td class="td-term">Risk Assessment</td><td class="td-def">Evaluation of identified risks based on their severity and likelihood of occurrence to prioritize mitigation efforts.</td><td class="td-ex">The company conducts an annual risk assessment to prioritize threats like data breaches and system downtime based on potential impact.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A systematic process identifying assets, threats, vulnerabilities, and the likelihood and impact of potential incidents. Output is a prioritized risk register informing security investment decisions. Can be one-time, recurring, or continuous.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company conducts an annual risk assessment to prioritize threats like data breaches and system downtimes based on their potential impact.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Risk Appetite"><td class="td-term">Risk Appetite</td><td class="td-def">The overall amount of risk an organization is willing to accept in pursuit of its objectives.</td><td class="td-ex">With a conservative risk appetite, the company avoids high-risk investments and focuses on protecting existing assets.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A board-level declaration of how much risk the organization is willing to accept. Guides all risk management decisions. Expansionary appetite accepts more risk for growth; conservative appetite minimizes risk even at cost to agility.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">With a conservative risk appetite, the company avoids high-risk investments and focuses on protecting existing assets.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Risk Mitigation"><td class="td-term">Risk Mitigation</td><td class="td-def">Actions taken to reduce the likelihood or impact of a risk. Implements controls addressing the vulnerability or threat.</td><td class="td-ex">The company mitigates the risk of unauthorized access by implementing multifactor authentication across all systems.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The primary risk management strategy: implementing controls to reduce risk to an acceptable level. Can target likelihood (preventive controls) or impact (corrective controls). Residual risk remains after mitigation.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company mitigates the risk of unauthorized access by implementing multifactor authentication across all systems.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Risk Transfer"><td class="td-term">Risk Transfer</td><td class="td-def">Shifting the financial responsibility for managing a risk to another party, such as through cyber insurance.</td><td class="td-ex">The company purchases cyber insurance to transfer the financial risk of a potential data breach to the insurer.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Contractually shifting financial risk to a third party. Cyber insurance is the primary mechanism. Also includes outsourcing security functions to MSSPs and including liability clauses in vendor contracts. Does not eliminate the risk.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company purchases cyber insurance to transfer the financial risk of a potential data breach.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Risk Avoidance"><td class="td-term">Risk Avoidance</td><td class="td-def">A strategy where the organization eliminates the risk entirely by not engaging in the risky activity.</td><td class="td-ex">The company avoids the risk of third-party cloud storage by opting to store sensitive data entirely in-house.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Eliminating a risk by discontinuing or not starting the activity that creates it. The most extreme risk response. May have business costs — forgoing cloud services avoids cloud risk but loses competitive benefits.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company avoids the risk of using third-party cloud storage by opting to store sensitive data in-house.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Risk Acceptance"><td class="td-term">Risk Acceptance</td><td class="td-def">The decision to take no additional action to mitigate a risk and accept the potential consequences. Must be documented and approved.</td><td class="td-ex">The company accepts the risk of minor outages during system updates, deciding that the potential downtime is manageable.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A formal decision to accept a risk because the cost of mitigation exceeds the cost of the risk itself, or the risk falls within risk tolerance. Must be explicitly documented and approved by appropriate management authority.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company accepts the risk of minor outages during system updates, deciding that the potential downtime is manageable.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Quantitative Risk Analysis"><td class="td-term">Quantitative Risk Analysis</td><td class="td-def">A numerical evaluation of risks using financial metrics. Key formulas: SLE × ARO = ALE. Enables cost-benefit analysis of security investments.</td><td class="td-ex">Using quantitative analysis, the team estimates the annual cost of a potential server failure at $100,000 in lost revenue.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Assigns dollar values to risks using formulas: SLE (Single Loss Expectancy) = Asset Value × Exposure Factor; ALE (Annual Loss Expectancy) = SLE × ARO (Annualized Rate of Occurrence). Enables ROI calculations for security controls.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Using quantitative risk analysis, the team estimates the cost of a potential server failure at $100,000 in lost revenue and recovery expenses.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Qualitative Risk Analysis"><td class="td-term">Qualitative Risk Analysis</td><td class="td-def">Assessing risks based on subjective judgment, expert opinions, and relative scales (high/medium/low) rather than financial metrics.</td><td class="td-ex">The company conducts qualitative analysis through interviews with stakeholders to assess how a data breach would affect customer trust.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Categorizes risks using descriptive scales rather than precise financial values. Faster and simpler than quantitative analysis. Uses risk matrices plotting likelihood vs. impact. Suitable when precise data is unavailable or impractical to gather.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company conducts qualitative risk analysis through interviews with key stakeholders to assess how a data breach could affect customer trust.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Business Impact Analysis (BIA)"><td class="td-term">Business Impact Analysis</td><td class="td-def">Identifies the potential effects of disruptions on business operations. Establishes RTO and RPO requirements for critical systems.</td><td class="td-ex">The BIA shows that a 24-hour power outage could disrupt production and lead to significant financial losses.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Analyzes how disruptions to specific business processes affect organizational objectives. Identifies critical functions, dependencies, maximum tolerable downtime, and data recovery requirements — the foundation for DR/BC planning.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The BIA shows that a 24-hour power outage could disrupt production and lead to significant financial losses.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Risk Register"><td class="td-term">Risk Register</td><td class="td-def">A documented record of identified risks, their severity, assigned owners, and how they will be managed. Living document updated continuously.</td><td class="td-ex">The company updates its risk register after each risk assessment, tracking new cybersecurity threats and mitigation strategies.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A comprehensive log of all identified risks including: description, likelihood, impact, risk score, owner, mitigation status, and residual risk. The primary risk management artifact reviewed by boards and audit committees.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company updates its risk register after each risk assessment, tracking new cybersecurity threats and mitigation strategies.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="SLE (Single Loss Expectancy)"><td class="td-term">SLE</td><td class="td-def">The expected monetary loss for a single occurrence of a risk event. Formula: SLE = Asset Value × Exposure Factor.</td><td class="td-ex">The SLE for a stolen laptop is $2,000, based on the cost of the hardware and the value of the data that could be lost.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">SLE = Asset Value × Exposure Factor. Represents the financial impact of a single incident. The building block for ALE calculations. If an asset is worth $100,000 and EF is 30%, SLE = $30,000.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The SLE for a stolen laptop is calculated to be $2,000, based on the cost of the hardware and lost data.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="ALE (Annual Loss Expectancy)"><td class="td-term">ALE</td><td class="td-def">The expected annual monetary loss due to a specific risk. Formula: ALE = SLE × ARO. Used to justify security control investments.</td><td class="td-ex">The ALE for phishing attacks is $50,000, calculated based on the frequency and financial impact of incidents.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">ALE = SLE × ARO. The annualized expected loss from a specific risk. If a control costs less than the ALE reduction it provides, it's financially justified. Central metric in quantitative security ROI analysis.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The ALE for phishing attacks is estimated at $50,000, calculated based on the number of incidents and their financial impact.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="MTBF (Mean Time Between Failures)"><td class="td-term">MTBF</td><td class="td-def">The average time interval between failures of a system during operation. A measure of reliability and availability planning.</td><td class="td-ex">The MTBF for new servers is 12 months, suggesting they are expected to operate without failure for approximately one year between incidents.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Average time a repairable system operates without failure. Used for hardware procurement decisions and maintenance scheduling. Higher MTBF indicates greater reliability. Complements MTTR in availability planning.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The MTBF for the company's new servers is currently 12 months, suggesting that the servers are expected to operate without failure for approximately one year between incidents.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="MTTR (Mean Time to Repair)"><td class="td-term">MTTR</td><td class="td-def">The average time required to repair a failed system or component. Measures operational response efficiency.</td><td class="td-ex">The MTTR for critical servers is 4 hours, meaning the IT team is expected to restore them within that time.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Average time from failure detection to service restoration. Drives staffing and tooling decisions. Lower MTTR requires better diagnostics, spare parts, trained staff, and runbooks. MTTR directly impacts availability calculations.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The MTTR for the company's critical servers is 4 hours, meaning the IT team is expected to restore them within that time.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
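<!-- Subsection 5.3 (Third-Party Risk Management). Each term row is followed by an
     expand-row carrying the long-form definition and example for that term. The inline
     onclick handlers (toggleSub, expand) are kept because the page's script is not visible
     here and is presumably wired to them; note that they will not run under a CSP that
     forbids inline scripts. Mis-decoded dash/triangle characters in the header restored. -->
<div class="subsection" data-sub="d5s3">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">5.3 — Third-Party Risk Management</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d5"><thead><tr><th scope="col">TERM</th><th scope="col">DEFINITION</th><th scope="col">CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Vendor Assessment"><td class="td-term">Vendor Assessment</td><td class="td-def">The process of evaluating the risk and security posture of a vendor or third party before entering a business relationship.</td><td class="td-ex">Before selecting a cloud storage provider, the company performs a thorough vendor assessment including penetration testing and audit reviews.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A comprehensive evaluation of a vendor's security practices, financial stability, compliance certifications, and incident history. Typically involves questionnaires, review of SOC 2 reports, and contractual security requirements.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Before selecting a cloud storage provider, the company performs a thorough vendor assessment, including penetration testing and a review of internal audit evidence.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Due Diligence"><td class="td-term">Due Diligence</td><td class="td-def">The thorough investigation conducted before entering a formal agreement to evaluate a vendor's financial health, legal history, and security measures.</td><td class="td-ex">As part of vendor selection, the company performs due diligence to evaluate the vendor's financial health and security measures.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Reasonable investigation performed before entering a business relationship. Security due diligence examines vendor security controls, breach history, compliance posture, and data handling practices to identify unacceptable risks before contract execution.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">As part of the vendor selection, the company performs due diligence to evaluate the vendor's financial health, legal history, and security measures.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="SLA (Service Level Agreement)"><td class="td-term">SLA</td><td class="td-def">A contract specifying the expected level of service including performance metrics, availability guarantees, and remedies for failure to meet targets.</td><td class="td-ex">The SLA with the vendor outlines a 99.9% uptime guarantee, with penalties if this level is not maintained.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A formal agreement defining measurable service standards. Security SLAs should include incident response time commitments, breach notification timelines, uptime guarantees, and audit rights. Non-compliance triggers financial penalties or termination.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The SLA with the vendor outlines a 99.9% uptime guarantee, with penalties if this level of service is not maintained.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="NDA (Non-Disclosure Agreement)"><td class="td-term">NDA</td><td class="td-def">A legal contract that prohibits the sharing of confidential information disclosed during a business relationship or evaluation.</td><td class="td-ex">The company requires all vendors to sign an NDA to protect its proprietary information during the vendor evaluation process.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A legally binding agreement protecting confidential information shared between parties. Defines what is confidential, how it can be used, and obligations if a breach occurs. Essential before sharing security architecture, source code, or business strategies with vendors.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company requires all vendors to sign an NDA to protect its proprietary information during the vendor evaluation process.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="MOU (Memorandum of Understanding)"><td class="td-term">MOU</td><td class="td-def">A non-binding agreement outlining the terms and conditions of an understanding between parties before committing to a formal agreement.</td><td class="td-ex">The company signs an MOU with a potential vendor to explore a partnership before committing to a formal agreement.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Establishes a framework of cooperation and shared understanding between parties. Not legally binding like a contract, but sets expectations. Commonly used in government and inter-agency information sharing relationships.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company signs an MOU with a potential vendor to explore a partnership before committing to a formal agreement.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="MSA (Master Service Agreement)"><td class="td-term">MSA</td><td class="td-def">A long-term contract outlining general terms and conditions under which future work orders will be completed, eliminating renegotiation for each project.</td><td class="td-ex">The MSA allows the company to enter into multiple projects with the vendor without negotiating a new contract each time.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A framework agreement establishing standard terms for an ongoing business relationship. Security provisions (data handling, breach notification, audit rights) established in the MSA apply to all subsequent work orders, reducing per-project negotiation time.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The MSA allows the company to enter into multiple projects with the vendor without negotiating a new contract each time.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Right-to-Audit Clause"><td class="td-term">Right-to-Audit</td><td class="td-def">A contract provision granting the organization the ability to audit the vendor's processes and systems to verify compliance with security standards.</td><td class="td-ex">The vendor agreement includes a right-to-audit clause, allowing the company to verify vendor compliance with security standards at any time.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A contractual provision allowing the customer to inspect the vendor's security controls, processes, and compliance status. Can be exercised directly or through independent auditors. Essential for highly sensitive data processing relationships.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The vendor agreement includes a right-to-audit clause, allowing the company to verify the vendor's compliance with security standards at any time.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Supply Chain Analysis"><td class="td-term">Supply Chain Analysis</td><td class="td-def">The process of identifying and assessing security risks throughout the vendor's supply chain, including sub-processors and component suppliers.</td><td class="td-ex">The company conducts a supply chain analysis to ensure all vendors producing hardware components adhere to strict security standards.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Maps and assesses the extended network of suppliers, sub-contractors, and service providers that contribute to a product or service. Identifies concentration risks, geographic risks, and third-party dependencies that could propagate to the organization.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company conducts a supply chain analysis to ensure that all vendors involved in producing its hardware components adhere to strict security standards.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Vendor Monitoring"><td class="td-term">Vendor Monitoring</td><td class="td-def">Continuously evaluating a vendor's performance and compliance after the contract is in place to ensure ongoing adherence to security standards.</td><td class="td-ex">After signing the contract, the company regularly monitors the vendor's security practices and service levels to ensure SLA compliance.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Ongoing assessment of active vendor relationships. Includes reviewing annual SOC 2 reports, monitoring threat intelligence feeds for vendor breaches, conducting periodic security reviews, and tracking SLA performance metrics.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">After signing the contract, the company regularly monitors the vendor's security practices and service levels to ensure compliance with the SLA.</div></div></div></td></tr>
</tbody></table></div></div>
</div>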
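<!-- Subsection 5.4 (Security Compliance). Term rows alternate with expand-rows holding the
     long-form definition and example. The onclick handlers reference toggleSub/expand, which
     are defined elsewhere in the page (not visible here) and would be blocked by a CSP
     without inline-script allowance. Mis-decoded em dashes and the toggle triangle restored. -->
<div class="subsection" data-sub="d5s4">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">5.4 — Security Compliance</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d5"><thead><tr><th scope="col">TERM</th><th scope="col">DEFINITION</th><th scope="col">CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Compliance Reporting"><td class="td-term">Compliance Reporting</td><td class="td-def">Documenting and submitting reports to demonstrate adherence to legal, regulatory, and internal requirements.</td><td class="td-ex">The company prepares both internal and external compliance reports to ensure it meets all regulatory standards and internal policies.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Internal reports track compliance program health for management. External reports (SOC 2, PCI DSS assessments, HIPAA attestations) demonstrate compliance to customers, regulators, and auditors. Automation reduces manual effort in both report types.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company prepares both internal and external compliance reports to ensure it meets all regulatory standards and internal policies.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Consequences of Non-Compliance"><td class="td-term">Non-Compliance Consequences</td><td class="td-def">The penalties or adverse effects resulting from failing to comply with legal, regulatory, or contractual obligations.</td><td class="td-ex">Failing to meet data protection requirements can lead to significant fines and reputational damage.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Consequences range from financial (fines up to 4% of global revenue under GDPR) to operational (loss of license, contract termination) to reputational (public disclosure of violations). Criminal liability may apply for negligent executives.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Failing to meet compliance requirements for customer data protection can lead to significant fines and reputational damage.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data Inventory and Retention"><td class="td-term">Data Inventory & Retention</td><td class="td-def">Cataloging what data exists and determining how long data should be kept based on regulatory or business requirements.</td><td class="td-ex">The company maintains a detailed data inventory and retention schedule to ensure compliance with legal requirements.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Data inventory maps what sensitive data exists and where it lives. Retention schedules define how long each data type must be kept (legal minimum) and when it must be deleted (to limit exposure). Balances legal retention requirements against privacy minimization principles.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company maintains a detailed data inventory and retention schedule to ensure compliance with legal requirements.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Right to be Forgotten"><td class="td-term">Right to Be Forgotten</td><td class="td-def">The right of individuals to request deletion of their personal data from an organization's records (GDPR Article 17).</td><td class="td-ex">Customers exercise their right to be forgotten, and the company deletes their personal data from its systems accordingly.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Under GDPR Article 17 (Right to Erasure), individuals can request deletion of their personal data when it's no longer necessary, consent is withdrawn, or there's no legitimate interest. Organizations must propagate deletion requests to processors and third parties.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Customers exercise their right to be forgotten, and the company deletes their personal data from its systems accordingly.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Global Privacy Laws"><td class="td-term">Global Privacy Laws</td><td class="td-def">International laws governing data protection and privacy, requiring organizations to adhere to multiple jurisdictional requirements simultaneously.</td><td class="td-ex">The company adjusts its global operations to meet privacy requirements across the EU, US, and other regions.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Major privacy frameworks: GDPR (EU — extraterritorial scope, up to 4% global revenue fines), CCPA (California), PIPEDA (Canada), LGPD (Brazil), PIPL (China). Organizations operating globally must comply with the strictest applicable law.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company adjusts its global operations to meet privacy requirements across the EU, U.S., and other regions.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Data Subject"><td class="td-term">Data Subject</td><td class="td-def">An individual whose personal data is collected, stored, or processed by an organization. Has rights under privacy laws including access and deletion.</td><td class="td-ex">As a data subject, customers have the right to access and request deletion of their personal information.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Under GDPR and similar laws, the natural person whose personal data is being processed. Data subjects have rights: access (view their data), rectification (correct errors), erasure (right to be forgotten), portability, and objection to processing.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">As a data subject, customers have the right to access and request the deletion of their personal information from the company's database.</div></div></div></td></tr>
</tbody></table></div></div>
</div>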
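<!-- Subsection 5.5 (Audits & Assessments). Term rows alternate with expand-rows holding the
     long-form definition and example. onclick handlers call toggleSub/expand, defined elsewhere
     in the page (not visible here); they would be blocked by a CSP that disallows inline
     scripts. Mis-decoded em dash and toggle triangle in the header restored. -->
<div class="subsection" data-sub="d5s5">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">5.5 — Audits & Assessments</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d5"><thead><tr><th scope="col">TERM</th><th scope="col">DEFINITION</th><th scope="col">CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Penetration Testing"><td class="td-term">Penetration Testing</td><td class="td-def">Authorized simulated attack on systems to identify vulnerabilities before malicious actors can exploit them. Types: black box, white box, gray box.</td><td class="td-ex">The IT team conducts a penetration test to find potential weak points in the organization's security defenses.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Ethical hacking exercise simulating real attacks. Black box (no prior knowledge), white box (full knowledge), gray box (partial). Phases: reconnaissance, scanning, exploitation, post-exploitation, reporting. Must have written authorization (rules of engagement).</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The IT team conducts a penetration test to find potential weak points in the organization's security defenses before malicious actors can exploit those weak points.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Reconnaissance"><td class="td-term">Reconnaissance</td><td class="td-def">Information gathering phase of penetration testing. Passive (observing public data) or active (directly interacting with the target).</td><td class="td-ex">The penetration testing team spends several days gathering details about the company's network before launching test attacks.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The first phase of penetration testing. Passive recon uses OSINT (public records, social media, DNS, job postings) without alerting the target. Active recon (port scanning, service enumeration) interacts directly with systems and may trigger alerts.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The penetration testing team spends several days in reconnaissance, gathering details about the company's network before launching their test attacks.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Independent Third-Party Audit"><td class="td-term">Third-Party Audit</td><td class="td-def">An objective audit conducted by an outside firm to verify compliance, financial accuracy, or effectiveness of internal controls.</td><td class="td-ex">The company hires an independent third-party firm to audit its security protocols and provide an objective assessment.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">An audit conducted by an independent party with no conflict of interest. SOC 2 Type II, ISO 27001, and PCI DSS QSA assessments are common third-party audits. Provide customers and regulators with objective assurance of control effectiveness.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">To maintain transparency, the company hires an independent third-party firm to audit its financial records and security protocols.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Self-Assessments"><td class="td-term">Self-Assessments</td><td class="td-def">Internal evaluations where an organization reviews its own processes, controls, and adherence to regulations or policies.</td><td class="td-ex">The IT department conducts self-assessments to identify potential security vulnerabilities before the external audit.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Organizations evaluate their own security controls against a framework (NIST CSF, CIS Controls, ISO 27001). Lower cost than external audits but lacks independence. Used to identify gaps before formal assessments and to demonstrate due care.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The IT department conducts self-assessments to identify potential security vulnerabilities before the external audit.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Attestation"><td class="td-term">Attestation</td><td class="td-def">Formally affirming or verifying that certain standards or requirements have been met, often through internal or external review and sign-off.</td><td class="td-ex">The company provides attestation of its compliance with industry standards through a formal audit conducted by an independent firm.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A formal declaration, typically signed by an executive or auditor, asserting that controls are operating effectively. Internal attestation comes from management; external attestation from independent third parties. Both carry legal accountability.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company provides attestation of its compliance with industry standards through a formal audit conducted by an independent third-party firm.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Rules of Engagement"><td class="td-term">Rules of Engagement</td><td class="td-def">Guidelines outlining acceptable behavior and interactions during penetration tests or audits, including scope, timing, and restricted systems.</td><td class="td-ex">The company defines rules of engagement with its vendor before conducting a penetration test, specifying what systems can be assessed.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The documented agreement governing scope, limitations, timing, and emergency procedures for penetration tests. Defines in-scope and out-of-scope systems, prohibited techniques (e.g., physical intrusion, social engineering), and escalation procedures if critical vulnerabilities are found.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company defines rules of engagement with its vendor before conducting a penetration test, specifying what systems can be assessed and the scope of the test.</div></div></div></td></tr>
</tbody></table></div></div>
</div>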
<div class="subsection" data-sub="d5s6">
<div class="sub-hdr" onclick="toggleSub(this)"><div class="sub-bullet"></div><div class="sub-title">5.6 — Security Awareness Practices</div><div class="sub-count"></div><div class="sub-toggle">▶</div></div>
<div class="sub-body"><div class="tbl-scroll"><table class="term-table" data-domain="d5"><thead><tr><th>TERM</th><th>DEFINITION</th><th>CONTEXTUAL EXAMPLE</th></tr></thead><tbody>
<tr onclick="expand(this)" data-term="Phishing Campaigns (Awareness)"><td class="td-term">Phishing Campaigns</td><td class="td-def">Coordinated simulated phishing attacks used to test and train employees to recognize and report phishing attempts.</td><td class="td-ex">The security team sends simulated phishing emails quarterly to measure and improve employee click-through rates.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Simulated phishing exercises measure employee susceptibility and provide immediate teachable moments. Metrics (click rate, credential submission rate, report rate) track improvement over time. Platforms like KnowBe4 and Proofpoint automate campaign management.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">A company faces a phishing campaign targeting multiple departments, where fake invoice requests are sent to over 500 employees.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Social Engineering"><td class="td-term">Social Engineering</td><td class="td-def">A tactic where attackers manipulate individuals into divulging confidential information or performing actions that compromise security.</td><td class="td-ex">An employee encounters social engineering when a caller pretends to be from IT support, attempting to extract login credentials.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Psychological manipulation exploiting human tendencies: trust, authority, urgency, fear, reciprocity. Techniques: pretexting (fabricated scenario), baiting (tempting offer), quid pro quo (exchange), tailgating (physical access). The most effective attack vector against well-patched environments.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">An employee encounters social engineering when a caller pretends to be from IT support, attempting to extract login credentials.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Insider Threat Awareness"><td class="td-term">Insider Threat Awareness</td><td class="td-def">Training employees to recognize indicators of insider threat behavior — both malicious and unintentional — and to report concerns appropriately.</td><td class="td-ex">The security team monitors user activities to identify potential insider threats from employees with access to sensitive information.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Awareness programs educating employees about insider threat indicators: downloading large data volumes, accessing systems outside normal hours, expressing workplace grievances. Combines technical detection (UEBA) with a reporting culture.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The security team monitors user activities to identify potential insider threats, particularly from employees with access to sensitive information.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Operational Security (OPSEC)"><td class="td-term">OPSEC</td><td class="td-def">A risk management process that protects sensitive information by identifying and addressing vulnerabilities in day-to-day operations.</td><td class="td-ex">The company implements operational security measures, restricting access to sensitive data and training employees on information hygiene.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">A process for protecting information that could be aggregated by adversaries to reveal sensitive operational details. Involves identifying critical information, analyzing threats, identifying vulnerabilities, assessing risk, and applying countermeasures.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The company implements operational security measures, restricting access to sensitive data to mitigate risks.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Password Management (Awareness)"><td class="td-term">Password Management</td><td class="td-def">Best practices and tools for creating, storing, and managing secure passwords to prevent unauthorized access.</td><td class="td-ex">Employees participate in password management training, learning to create strong passwords and use password managers effectively.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Awareness training covering: creating strong unique passwords, using password managers (1Password, Bitwarden), recognizing credential-harvesting attacks, and understanding why password reuse is dangerous. Complements technical controls like MFA.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Employees participate in password management training, learning how to create strong passwords and effectively use password managers.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Anomalous Behavior Recognition"><td class="td-term">Anomalous Behavior Recognition</td><td class="td-def">Identifying actions that deviate from normal patterns — potentially indicating risky, unexpected, or malicious activities.</td><td class="td-ex">The security team detects anomalous behavior when an employee attempts to access sensitive files at unusual hours from an unknown location.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Training users and deploying UEBA (User and Entity Behavior Analytics) to detect behavioral deviations. Unusual login times, abnormal data access volumes, and impossible travel (successive logins from locations too far apart to reach in the elapsed time) are key anomaly indicators.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The security team detects anomalous behavior when an employee attempts to access sensitive files at unusual hours.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Situational Awareness"><td class="td-term">Situational Awareness</td><td class="td-def">Being aware of one's environment and recognizing potential threats or vulnerabilities in real time, both physical and digital.</td><td class="td-ex">Employees improve their situational awareness during training, learning to spot social engineering tactics and suspicious behaviors.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">The ongoing ability to perceive and comprehend security-relevant elements of the environment. Includes recognizing tailgating attempts, suspicious USB drives, unexpected callers, and unusual network behavior. A foundational skill for all security-conscious employees.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Employees improve their situational awareness during training, learning to spot social engineering tactics.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Removable Media Risks"><td class="td-term">Removable Media Risks</td><td class="td-def">Portable devices like USB drives and external hard drives must be securely managed to prevent data exfiltration and malware introduction.</td><td class="td-ex">Employees receive guidelines on the risks associated with using unsecured removable media and secure data transfer practices.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Removable media creates bidirectional risk: malware introduced into the organization (USB drop attacks) and data exfiltrated out. Controls include DLP policies, device encryption, endpoint device control that blocks or allow-lists USB storage, and awareness training.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">Employees receive guidelines on the risks associated with using unsecured removable media and the need for secure data transfer practices.</div></div></div></td></tr>
<tr onclick="expand(this)" data-term="Hybrid / Remote Work Security"><td class="td-term">Hybrid/Remote Work Security</td><td class="td-def">Work environments where employees work both on-site and remotely, requiring additional security measures to manage associated risks.</td><td class="td-ex">The organization updates its security policies to address challenges specific to hybrid environments, focusing on securing home networks.</td></tr>
<tr class="expand-row"><td colspan="3"><div class="expand-inner"><div><div class="expand-label">Definition</div><div class="expand-text">Remote work expands the attack surface beyond the organizational perimeter. Key risks: insecure home Wi-Fi, shoulder surfing, personal device use, VPN split tunneling (traffic that bypasses the corporate tunnel and its inspection). Controls: mandatory full-tunnel VPN, endpoint encryption, MFA, and remote work security training.</div></div><div><div class="expand-label">Contextual Example</div><div class="expand-ex">The organization updates its security policies to address challenges specific to hybrid and remote work environments, focusing on securing home networks.</div></div></div></td></tr>
</tbody></table></div></div>
</div>
</section>
<div class="empty-state" id="emptyState">
<p>No terms matched your search criteria — try different keywords or clear the filter</p>
</div>
<div class="doc-footer">
<div>
<p>COMPTIA SECURITY+ SY0-701 EXAM REFERENCE DOSSIER — ALL 5 DOMAINS — FOR CANDIDATE USE ONLY</p>
<p style="margin-top:4px">COMPLETE DOMAIN COVERAGE 1–5 · INTERACTIVE GLOSSARY · <span id="footCount">—</span> TERMS INDEXED</p>
</div>
<div class="footer-stamp">UNCLASSIFIED//FOR OFFICIAL STUDY USE</div>
</div>
</div></div></div>
<script>
// Toggle the detail row that follows a glossary row. Only one detail row per
// table body is open at a time, so every other open row is collapsed first.
// NOTE(review): rows bind this through inline onclick="expand(this)", which is
// mouse-only and incompatible with a strict CSP; a delegated listener would fix both.
function expand(row) {
  const detail = row.nextElementSibling;
  if (!detail || !detail.classList.contains('expand-row')) return;
  const alreadyOpen = detail.classList.contains('show');
  const tbody = row.closest('tbody');
  // collapse everything in this table body, then reopen only if this row was closed
  for (const r of tbody.querySelectorAll('.expand-row.show')) r.classList.remove('show');
  for (const r of tbody.querySelectorAll('tr.expanded')) r.classList.remove('expanded');
  if (alreadyOpen) return;
  detail.classList.add('show');
  row.classList.add('expanded');
}
// Open/close the .subsection that contains the clicked header element.
function toggleSub(hdr) {
  const section = hdr.closest('.subsection');
  section.classList.toggle('open');
}
// Domain filter buttons: exactly one carries .active; a click moves it to the
// clicked button and re-runs the filter.
document.querySelectorAll('.fbtn').forEach(btn => btn.addEventListener('click', () => {
  for (const other of document.querySelectorAll('.fbtn')) other.classList.remove('active');
  btn.classList.add('active');
  applyFilters();
}));
// Re-evaluate the domain filter and the search box against every glossary row:
// show/hide each row (and its detail row), apply or clear search highlights, then
// refresh the visible-term counter and the empty-state banner.
function applyFilters() {
  const domain = document.querySelector('.fbtn.active').dataset.filter;
  const needle = document.getElementById('searchInput').value.trim().toLowerCase();
  const highlight = needle.length > 1;   // single characters are matched but not highlighted
  let visible = 0;
  for (const section of document.querySelectorAll('.domain-section')) {
    const inDomain = domain === 'all' || domain === section.dataset.domain;
    section.style.display = inDomain ? '' : 'none';
    if (!inDomain) continue;   // rows of a hidden domain keep whatever state they had
    for (const row of section.querySelectorAll('tbody tr:not(.expand-row)')) {
      const haystack = (row.dataset.term + ' ' + row.textContent).toLowerCase();
      const matched = needle === '' || haystack.includes(needle);
      const display = matched ? '' : 'none';
      row.style.display = display;
      const detail = row.nextElementSibling;
      if (detail?.classList.contains('expand-row')) detail.style.display = display;
      if (matched && highlight) {
        applyHL(row, needle);
        row.closest('.subsection')?.classList.add('open');   // reveal the hit
      } else {
        clearHL(row);
      }
      if (matched) visible++;
    }
  }
  document.getElementById('visCount').textContent = visible;
  document.getElementById('emptyState').classList.toggle('show', visible === 0);
}
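// Wrap every occurrence of `term` in a row's term/definition/example cells in
// <mark>. Each cell's current markup is saved in data-orig so clearHL can restore it.
//
// The cell text comes from textContent (already entity-decoded), so it must be
// re-escaped before it goes back through innerHTML: a glossary entry whose text
// contains "<", ">" or "&" (an XSS example, a literal entity) would otherwise be
// re-parsed as live markup while highlighted. The search term is only used to
// build the regex and never reaches innerHTML directly.
function applyHL(row, term) {
  clearHL(row);
  if (!term) return;   // nothing to highlight; also avoids an empty-match regex
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  const escapeHtml = s => s.replace(/[&<>"']/g, ch => entities[ch]);
  // escape regex metacharacters so the search string is matched literally
  const re = new RegExp('(' + term.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') + ')', 'gi');
  ['.td-term', '.td-def', '.td-ex'].forEach(sel => {
    const el = row.querySelector(sel);
    if (!el || el.dataset.orig) return;
    el.dataset.orig = el.innerHTML;
    // split() with a capturing group interleaves the matches at the odd indices;
    // each piece is escaped separately so matching happens on raw text but the
    // result is emitted as text, not markup
    el.innerHTML = el.textContent
      .split(re)
      .map((piece, i) => (i % 2 ? '<mark>' + escapeHtml(piece) + '</mark>' : escapeHtml(piece)))
      .join('');
  });
}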
// Undo applyHL on a row: restore each cell's saved markup and drop the data-orig marker.
function clearHL(row) {
  for (const sel of ['.td-term', '.td-def', '.td-ex']) {
    const cell = row.querySelector(sel);
    if (!cell) continue;
    const saved = cell.dataset.orig;
    if (!saved) continue;   // cell was never highlighted
    cell.innerHTML = saved;
    delete cell.dataset.orig;
  }
}
document.getElementById('searchInput').addEventListener('input', applyFilters);
// Keyboard shortcuts: "/" jumps to the search box (unless an input already has
// focus), Escape clears the search and re-filters.
document.addEventListener('keydown', evt => {
  const search = document.getElementById('searchInput');
  if (evt.key === '/' && document.activeElement.tagName !== 'INPUT') {
    evt.preventDefault();
    search.focus();
  } else if (evt.key === 'Escape') {
    search.value = '';
    applyFilters();
  }
});
// On load: count glossary rows per domain and per subsection and write the
// numbers into the domain badges, the total/visible counters and the footer.
document.addEventListener('DOMContentLoaded', () => {
  const rowSelector = 'tbody tr:not(.expand-row)';
  let total = 0;
  for (const d of ['d1', 'd2', 'd3', 'd4', 'd5']) {
    const n = document.querySelectorAll(`[data-domain="${d}"] ${rowSelector}`).length;
    document.getElementById(d + 'count').textContent = n;
    total += n;
  }
  for (const id of ['visCount', 'totalCount', 'footCount']) {
    document.getElementById(id).textContent = total;
  }
  for (const sub of document.querySelectorAll('.subsection')) {
    const badge = sub.querySelector('.sub-count');
    if (badge) badge.textContent = sub.querySelectorAll(rowSelector).length + ' terms';
  }
});
</script>
</body>
</html>