AAA
Authentication, authorization, and accounting (AAA) → security framework that controls identity verification, access permissions, and activity tracking.
Authentication in AAA
Authentication in authentication, authorization, and accounting (AAA) → verifies the identity of a user, device, or system.
Authorization in AAA
Authorization in authentication, authorization, and accounting (AAA) → determines what actions an authenticated user is allowed to perform.
Accounting in AAA
Accounting in authentication, authorization, and accounting (AAA) → tracks user activity and resource usage for auditing and logging.
CA
Certificate authority (CA) → trusted entity that issues and manages digital certificates.
Certificate-Based Authentication
Certificate-based authentication → authentication method using digital certificates instead of passwords.
Authorization Models
Authorization models → structured approaches for assigning permissions such as role-based or rule-based access control.
No Authorization Model
No authorization model → environment where users have unrestricted access with no defined permission structure.
Gap Analysis
Gap analysis → process of comparing current security posture to a desired baseline using a chosen framework.
Gap Analysis Compare and Contrast
Gap analysis compare and contrast → evaluates differences between current controls and required controls to identify weaknesses and priorities.
-
Security Controls10
-
The CIA Triad & Non-Repudiation8
-
AAA & Gap Analysis10
-
Zero Trust12
-
Physical Security8
-
Deception & Disruption4
-
Change Management9
-
Technical Change Management9
-
Public Key Infrastructure & Encrypting Data24
-
Key Exchange & Encyption Technology10
-
Obfuscation8
-
Hashing & Digital Signatures9
-
Digital Certificates12
-
Threat Actors8
-
Common Threat Vectors12
-
Common Social Engineering Attacks9
-
Application & Memory-Based Attacks9
-
SQL Injections & Cross-site Scripting6
-
Operating System & Hardware Vulnerabilities7
-
Virtualization & Cloud-specific Vulnerabilities10
-
Supply Chain & Misconfiguration Vulnerabilities10
-
Mobile Device & Zero-day Vulnerabilities7
-
An Overview of Malware14
-
Viruses, Worms, Spyware & Bloatware10
-
Other Malware Types & Physical Attacks9
-
Denial of Service & DNS Attacks10
-
Wireless & On-Path Attacks:6
-
Replay Attacks & Malicious Code9
-
Cryptographic & Password Attacks8
-
Indicators of Compromise10
-
Segmentation, Access Control & Mitigation Techniques10
-
Hardening Techniques10
-
Cloud Infrastructures9
-
Network Infrastructure Concepts14
-
Infrastructure Considerations15
-
Intrusion Prevention7
-
Network Appliances & Port Security16
-
Firewall Types & Secure Communication11
-
Data Types & Classifications12
-
States of Data & Protecting Data14
-
Resiliency9
-
Capacity Planning, Backups & Recovery Testing9
-
Infrastructure Hardening & Secure Deployment11
-
Wireless Security Settings11
-
Application Security7
-
Asset Management, Vulnerability Scanning & Threat Intelligence14
-
Penetration Testing & Analyzing Vulnerabilities14
-
Vulnerability Remediation & Security Monitoring10
-
Security Tools10
-
Secure Protocols, OS & Email Security15
-
Monitoring Data & Endpoint Security13
-
Identity & Access Management8
-
Access Controls10
-
Incident Response & Planning10
-
Digital Forensics & Log Data17
-
Security Policies, Standards, Procedures & Considerations12
-
Data Roles, Risk Analysis & Management Strategies14
-
Business Impact Analysis & Agreement Types15
-
Compliance, Privacy, Audits & Assessments11
-
Penetration Testing, Security Awareness & User Training10
