Cyber Vocab Session 8

Zero-Trust, CSRF, Blocklist, NIST, DevSecOps

Session 8

Welcome to the eighth session of the Cyber Vocab newsletter!

This is Ronan from Cyber Vocab.

Today’s read time: 105 seconds

Let’s get right to it! ⬇️

Study Session 📚

Here are the five terms you’ll need to master by next week!

1. Zero-Trust (Category: General)

Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access.

This approach mitigates the risks of insider threats and advanced persistent threats by requiring authentication and authorization for every access request, regardless of the user's location or the resource's location.

Zero Trust is implemented in organizations by employing rigorous identity verification, least-privilege access controls, and continuous monitoring of network activity to ensure security and minimize internal and external threats.

2. CSRF (Category: Common Vulnerabilities)

Cross-Site Request Forgery (CSRF) is a type of security vulnerability in web applications where attackers trick a user's browser into performing actions on a website without the user's knowledge or consent, typically while the user is logged into the website.

This vulnerability exploits the trust that a site has in the user's browser, leading to unauthorized actions, such as changing user settings or initiating financial transactions.

To avoid CSRF vulnerabilities, web applications should implement anti-CSRF tokens: unique, session-specific strings that the server checks on each request to validate that the request genuinely came from the user.
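An added example (not from the newsletter) of the anti-CSRF token check described above: the server issues an unpredictable token bound to the session, and a state-changing form post is only accepted when it carries that exact token. The in-memory session store, the `handle_transfer` handler and the form fields are constructed for illustration.

```python
import hmac
import secrets
from typing import Optional

# Stand-in for a real session backend (assumption): session id -> issued token.
_session_tokens: dict = {}


def issue_csrf_token(session_id: str) -> str:
    """Create a fresh, unpredictable token for this session and remember it.

    The server embeds the token in the form it renders; a forged cross-site
    request cannot read that page, so it cannot supply the token.
    """
    token = secrets.token_urlsafe(32)
    _session_tokens[session_id] = token
    return token


def is_request_authentic(session_id: str, submitted: Optional[str]) -> bool:
    """True only if the submitted token matches the one issued to this session."""
    expected = _session_tokens.get(session_id)
    if expected is None or submitted is None:
        return False
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_transfer(session_id: str, form: dict) -> str:
    """Handler for a state-changing form post (constructed example).

    The browser attaches the session cookie automatically, which is exactly why
    the cookie alone cannot prove the user intended the request; the token can.
    """
    if not is_request_authentic(session_id, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid anti-CSRF token"
    return f"200 OK: transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    # Legitimate flow: the user's own form carries the issued token.
    tok = issue_csrf_token("session-A")
    print(handle_transfer("session-A", {"csrf_token": tok, "amount": "10", "to": "bob"}))
    # Forged flow: the request rides on the session but has no valid token.
    print(handle_transfer("session-A", {"amount": "10", "to": "bob"}))
```

Tokens must also be rotated per session (or per form) and never placed in URLs, where they leak through logs and Referer headers.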

3. Blacklists (Category: General)

Blacklists, also referred to as blocklists, are a security mechanism used to deny access or services to certain entities considered harmful or malicious, such as IP addresses, email addresses, or domains.

They are widely used in network security, email filtering, and web content management to protect against spam, cyber attacks, and unauthorized access.

The effectiveness of a blacklist relies on its accuracy and timeliness, necessitating frequent updates to keep pace with the evolving nature of online threats and undesired entities.

4. NIST (Category: General)

The National Institute of Standards and Technology (NIST) is a U.S. federal agency within the Department of Commerce, renowned for its role in developing standards, metrics, and technology to enhance productivity, facilitate trade, and improve the quality of life.

NIST conducts research in various fields of physical science, engineering, and information technology, contributing significantly to advancements in areas like nanotechnology, cybersecurity, and manufacturing.

To verify that your organization's information security is robust, assess it against the NIST Cybersecurity Framework.

5. DevSecOps (Category: General)

DevSecOps is a way of working in which developers, managers, IT staff and security professionals collaborate by sharing tasks and deploying rapidly.

This approach promotes a 'security as code' culture, ensuring that security considerations are integrated from the initial design through to development, deployment, and software maintenance.

DevSecOps enhances the software development process by integrating security practices throughout, resulting in faster, more secure software releases and a reduced risk of security vulnerabilities.

Sponsors 🤝

This week’s session is sponsored by Massive.

Massive is a job / internship search platform that finds thousands of job applications using AI and applies to them on autopilot for you ✈️

Start using Massive via this link

What I’m Doing

What I’m studying

I’m learning about the math behind the RSA encryption algorithm.

What I’m working on

I’ve started filming the course videos for my FREE web security course.

For those of you on my newsletter, here’s an exclusive peek at the lesson titles:

Why Web Security is important, Common Vulnerabilities, HTML Security, JavaScript Security, NPM Security, Secure Web Testing, GitHub Security

Stay Tuned 👀

What I’m Watching

Just discovered Privacy X on YouTube. I really enjoy his in-depth videos on privacy protection.

That’s it for this week! I’ll see you again! 👋

PS: If you haven’t followed me on all my other socials, do so below ⬇️